User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:53.0) Gecko/20100101 Firefox/53.0 Build ID: 20170601094232 Steps to reproduce: I created a patch that adds the `Referrer-Policy` (sic) response header to prevent web browsers from sending the `Referer` (sic) request header to external domains. This limits the amount of information that leaks out of the bug tracker to external websites. https://www.w3.org/TR/referrer-policy/ https://ctrl.blog/entry/private-bts-referrer-header
Attachment #8875252 - Flags: review?(dkl) → review?(dylan)
5 months ago
Duplicate of this bug: 1500568
Hi Daniel, can you send a pull request to https://github.com/mozilla-bteam/bmo so your patch will be reviewed and merged quickly?
Assignee: general → code
Severity: normal → enhancement
Status: UNCONFIRMED → ASSIGNED
Component: Bugzilla-General → General
Ever confirmed: true
Product: Bugzilla → bugzilla.mozilla.org
QA Contact: default-qa
Version: 5.1.1 → Production
Forgot to say: since BMO will be the base of the upstream Bugzilla 6.0 release, patches generally have to be landed on BMO first.
@kohei, here you go https://github.com/mozilla-bteam/bmo/pull/855
Comment on attachment 8875252 [details] [diff] [review] 0001-Add-a-Referrer-Policy-response-header.patch Great, thanks!
Status: ASSIGNED → RESOLVED
Last Resolved: 5 months ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.