PMA strips the Referrer header via CSP policy (to avoid Referrer leaks)
fix:
While it's better from a user/security perspective to not leak REFERRER at all, it appears that it might be against the rules?
It's possible to use the referrerpolicy attribute to allow the Referrer header to be sent for a specific IMG tag: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/img#attr-referrerpolicy
Note: using "origin" as the value will leak only the origin without the path (better), and it's a "valid HTTP Referer."
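The following is an added example, not part of the original issue and not phpMyAdmin code. It models which `Referer` value a browser sends for each referrer policy value (going beyond the single `origin` case mentioned above), with a per-element `referrerpolicy` overriding the page-wide policy. The URLs and the function names `stripForReferrer` and `refererFor` are constructed for illustration, and "potentially trustworthy" is approximated as "scheme is https".

```javascript
// Added example: models the Referrer Policy rules. All URLs are constructed.
function stripForReferrer(url, originOnly) {
  const u = new URL(url);
  // Credentials and the fragment are never sent in a Referer header.
  u.username = "";
  u.password = "";
  u.hash = "";
  return originOnly ? u.origin + "/" : u.href;
}

// Assumption: "potentially trustworthy" is approximated as "scheme is https".
const isSecure = (url) => new URL(url).protocol === "https:";

// elementPolicy models <img referrerpolicy="...">; when set, it overrides
// the document-wide policy for that one request.
function refererFor(docUrl, targetUrl, documentPolicy, elementPolicy) {
  const policy = elementPolicy || documentPolicy;
  const full = stripForReferrer(docUrl, false);
  const origin = stripForReferrer(docUrl, true);
  const sameOrigin = new URL(docUrl).origin === new URL(targetUrl).origin;
  const downgrade = isSecure(docUrl) && !isSecure(targetUrl);
  switch (policy) {
    case "no-referrer": return null; // header omitted entirely
    case "origin": return origin;
    case "unsafe-url": return full;
    case "same-origin": return sameOrigin ? full : null;
    case "strict-origin": return downgrade ? null : origin;
    case "origin-when-cross-origin": return sameOrigin ? full : origin;
    case "no-referrer-when-downgrade": return downgrade ? null : full;
    case "strict-origin-when-cross-origin":
      return sameOrigin ? full : (downgrade ? null : origin);
    default: throw new Error("unknown policy: " + policy);
  }
}

// Constructed sample: an admin page whose URL reveals database and table names,
// loading a map tile from a third-party host.
const PAGE = "https://db.example.test/phpmyadmin/sql.php?db=payroll&table=salaries#row5";
const TILE = "https://tiles.example.test/5/10/12.png";

for (const [docPolicy, imgPolicy] of [["no-referrer", undefined],
                                      ["no-referrer", "origin"],
                                      ["unsafe-url", undefined]]) {
  console.log(docPolicy, imgPolicy || "(none)", "->",
              refererFor(PAGE, TILE, docPolicy, imgPolicy));
}
```

With the page-wide policy left at `no-referrer` and only the tile image set to `origin`, the tile host sees the scheme and host of the installation but not the path or query string.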
nijel added the Bug (A problem or regression with an existing feature) label Aug 3, 2016
As the OpenLayers library we use puts effort into providing a valid Origin in the responses, I assume this is as good as providing Referrer. At least it provides the same information.
Note: The below applies if I understood the policy correctly.
According to https://wiki.openstreetmap.org/wiki/Tile_usage_policy
Technical Usage Requirements: