Add a Referrer-Policy response header

RESOLVED FIXED

Status

enhancement
2 years ago
7 months ago

People

(Reporter: code, Assigned: code)

Tracking

(Depends on 1 bug)

Production

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

Assignee

Description

2 years ago
User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0
Build ID: 20170601094232

Steps to reproduce:

I created a patch that adds the `Referrer-Policy` (sic) response header to prevent web browsers from sending the `Referer` (sic) request header to external domains. This limits the amount of information that leaks out of the bug tracker to external websites.

https://www.w3.org/TR/referrer-policy/
https://ctrl.blog/entry/private-bts-referrer-header
Assignee

Comment 1

2 years ago
Attachment #8875252 - Flags: review?(dkl)
Attachment #8875252 - Flags: review?(dkl) → review?(dylan)
Hi Daniel, can you send a pull request to https://github.com/mozilla-bteam/bmo so your patch will be reviewed and merged quickly?
Assignee: general → code
Severity: normal → enhancement
Status: UNCONFIRMED → ASSIGNED
Component: Bugzilla-General → General
Ever confirmed: true
Flags: needinfo?(code)
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: 5.1.1 → Production
Forgot to say: since BMO will be the base of the upstream Bugzilla 6.0 release, patches generally have to be landed on BMO first.
Assignee

Comment 5

8 months ago
@kohei, here you go https://github.com/mozilla-bteam/bmo/pull/855
Flags: needinfo?(code)
Comment on attachment 8875252
0001-Add-a-Referrer-Policy-response-header.patch

Great, thanks!
Attachment #8875252 - Attachment is obsolete: true
Attachment #8875252 - Flags: review?(dylan)
Status: ASSIGNED → RESOLVED
Closed: 8 months ago
Resolution: --- → FIXED

Updated

7 months ago
Depends on: 1512024