Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use a better referrer strategy #2436

Closed
wants to merge 1 commit into from

Conversation

@Zae
Copy link

commented Feb 14, 2018

Use the origin-when-cross-origin referrer strategy

This keeps referrers working internally (for redirecting back for example), but only sends the main domain to external sites.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

Use the `origin-when-cross-origin` referrer strategy

This keeps referrers working internally (for redirecting back for example), but only sends the main domain to external sites.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
@Zae

This comment has been minimized.

Copy link
Author

commented Feb 14, 2018

The no-referer strategy broke some stuff in our site because we use the referrer to redirect users back to the page after our work was done.

@brandonkelly

This comment has been minimized.

Copy link
Member

commented Feb 15, 2018

Ah yeah that would work well. The main reason we added a referrer policy is so 3rd party sites can’t find out what your CP trigger is.

brandonkelly added a commit that referenced this pull request Feb 15, 2018
@brandonkelly

This comment has been minimized.

Copy link
Member

commented Feb 15, 2018

Doh – I totally overlooked that this was a pull request. Thanks!

@Zae

This comment has been minimized.

Copy link
Author

commented Feb 15, 2018

Yeah, that's what I thought which is a good idea!

Thanks for fixing so quickly, when do you expect the next tag will be?

@Zae Zae deleted the Zae:patch-1 branch Feb 15, 2018
@brandonkelly

This comment has been minimized.

Copy link
Member

commented Feb 15, 2018

Tuesday

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.