Closed
Bug 508298
Opened 16 years ago
Closed 15 years ago
Do not allow other websites to embed images hosted on sumo
Categories
(support.mozilla.org :: General, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
1.4
People
(Reporter: cilias, Unassigned)
Details
In bug 449440 comment 5, there's an htaccess script to only allow embedding of images when the referrer is sumo. That script has still not been implemented.
(Will that script cause a problem on support-stage.mozilla.org?)
Comment 1•16 years ago
Jeremy, can you please comment here?
Comment 2•16 years ago
Yes, it looks like that htaccess change would cause problems on stage.
Updated•16 years ago
Target Milestone: 1.3 → 1.4
Comment 3•16 years ago
Can we then modify this for stage as follows, so on stage we'll add
+
+ RewriteCond %{HTTP_REFERER} !^$
+ RewriteCond %{HTTP_REFERER} !^https?://support-stage.mozilla.org/.* [NC]
+ RewriteRule ^/.*/img/wiki_up/.* - [F]
+
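Review bot: the RewriteRule pattern `^/.*/img/wiki_up/.*` begins with a slash, but the bug describes this as an htaccess change. In per-directory context mod_rewrite matches the pattern against the path with the directory prefix (leading slash included) removed, so the rule would never match there. If this goes into .htaccess rather than the server or virtual-host configuration, drop the leading slash, for example `^.*/img/wiki_up/`.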
and on prod as in the original:
+
+ RewriteCond %{HTTP_REFERER} !^$
+ RewriteCond %{HTTP_REFERER} !^https?://support.mozilla.com/.* [NC]
+ RewriteRule ^/.*/img/wiki_up/.* - [F]
+
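Review bot: the dots in `support.mozilla.com` on the second RewriteCond are unescaped, so each one matches any character. Write `support\.mozilla\.com` and drop the trailing `.*`, which adds nothing after the `/`. Please also confirm the host, since this hunk checks mozilla.com while the stage hunk checks mozilla.org, and note that the first condition, `!^$`, means requests that send no Referer are still served.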
Reassigning this to Jeremy - we can do it on stage any time, and should apply on prod during the 1.4 push window which is anticipated to be Thursday 24th September.
Assignee: laura → jeremy.orem+bugs
Comment 4•16 years ago
Hmm, should we just commit this rule to htaccess:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://support(?:-stage)?.mozilla.org/.* [NC]
RewriteRule ^/.*/img/wiki_up/.* - [F]
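The rule proposed in comment 4, modelled in Python so its behaviour can be checked against sample requests. This is an added example, not code from the bug; the sample Referer values, the escaped host pattern and the slash-less rule pattern are constructed assumptions.

```python
import re

RULE = r"^/.*/img/wiki_up/.*"     # RewriteRule pattern as posted in comment 4
REFERER = r"^https?://support(?:-stage)?.mozilla.org/.*"   # as posted
# Variants added here for comparison (assumptions, not from the bug):
RULE_HTACCESS = r"^.*/img/wiki_up/.*"    # same rule without the leading slash
REFERER_ESCAPED = r"^https?://support(?:-stage)?\.mozilla\.org/"


def is_forbidden(referer, path, rule=RULE, allowed=REFERER, per_directory=False):
    """Return True when the three directives would answer 403 ([F]).

    referer == "" models a request without a Referer header, for which
    %{HTTP_REFERER} expands to the empty string.
    """
    # In per-directory (.htaccess) context mod_rewrite strips the directory
    # prefix, so a docroot .htaccess sees the path without its leading slash.
    subject = path[1:] if per_directory and path.startswith("/") else path
    if not re.search(rule, subject):
        return False   # RewriteRule pattern does not match: rule is skipped
    if referer == "":
        return False   # RewriteCond %{HTTP_REFERER} !^$ fails: served
    if re.search(allowed, referer, re.IGNORECASE):
        return False   # RewriteCond !<allowed> [NC] fails: request is from SUMO
    return True        # both conditions hold: [F] applies


# Constructed sample Referer values (not taken from any log).
SAMPLES = [
    "",                                        # no Referer header sent
    "https://support.mozilla.org/en-US/kb/x",  # prod page
    "HTTP://Support-Stage.Mozilla.Org/kb",     # stage page, mixed case ([NC])
    "https://blog.example.net/post",           # third-party page embedding the image
    "https://support.mozillaxorg/",            # differs only where "." is unescaped
]

if __name__ == "__main__":
    img = "/en-US/img/wiki_up/a.png"           # constructed image path
    for ref in SAMPLES:
        print(f"{ref!r:45} posted={is_forbidden(ref, img)!s:5} "
              f"escaped={is_forbidden(ref, img, allowed=REFERER_ESCAPED)}")
    other = "https://blog.example.net/post"
    print("per-directory, posted rule:   ", is_forbidden(other, img, per_directory=True))
    print("per-directory, slash-less rule:",
          is_forbidden(other, img, rule=RULE_HTACCESS, per_directory=True))
```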
Comment 6•16 years ago
(In reply to comment #5)
> Ping comment 4.
Sorry I missed it. Nicely done, please do.
Comment 7•16 years ago
I'm not sure where this should be committed.
Assignee: jeremy.orem+bugs → nobody
Comment 8•15 years ago
Please reopen if this is still something we want to do, but if we have a goal to make more of our content accessible via APIs, then we're expecting other sites to use that content, including the images.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
Comment 9•9 years ago
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security