Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

govdirectory.org should set the Referrer-Policy header #111

Closed
Abbe98 opened this issue Sep 6, 2021 · 5 comments
Closed

govdirectory.org should set the Referrer-Policy header #111

Abbe98 opened this issue Sep 6, 2021 · 5 comments
Labels
enhancement 🥇 New feature or request good first issue Good for newcomers

Comments

@Abbe98
Copy link
Member

Abbe98 commented Sep 6, 2021
edited
Loading

The feature

No external sites we link to should be allowed to see the origin of a user following the link. Therefore, Referrer-Policy should be set to no-referrer.

Why?

For privacy reasons.

Examples and inspiration

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

Notes

Because we serve Govdirectory from the Github CDN we can't set custom headers so this tasked is blocked by #33.
@Abbe98 Abbe98 added the enhancement 🥇 New feature or request label Sep 6, 2021
@Abbe98 Abbe98 changed the title govdirectory.org sould set the Referrer-Policy header. govdirectory.org sould set the Referrer-Policy header Sep 6, 2021
@Ainali Ainali changed the title govdirectory.org sould set the Referrer-Policy header govdirectory.org should set the Referrer-Policy header Nov 12, 2021
@Ainali Ainali added the good first issue Good for newcomers label Mar 7, 2024
@objectofmind
Copy link

Hi! Can I work on this? I see that it's a "good first issue" and I would like to use this opportunity to fix this issue.

@RVA2869
Copy link
Collaborator

RVA2869 commented Jun 16, 2024

@Abbe98 Is this issue still relevant? Apparently (since October 2021) if there is no explicit header present, the default policy is applied. Which is <meta name="referrer" content="strict-origin-when-cross-origin">

@Abbe98
Copy link
Member Author

Abbe98 commented Jun 16, 2024

No if that's the case we can close this!

@RVA2869
Copy link
Collaborator

RVA2869 commented Jun 16, 2024
edited
Loading

No if that's the case we can close this!

@Abbe98
https://web.dev/articles/referrer-best-practices#default
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#strict-origin-when-cross-origin

refheader

@Abbe98
Copy link
Member Author

Abbe98 commented Jun 16, 2024

Amazing!

@Abbe98 Abbe98 closed this as completed Jun 16, 2024
@RVA2869 RVA2869 mentioned this issue Jun 21, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement 🥇 New feature or request good first issue Good for newcomers
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@Abbe98 @Ainali @objectofmind @RVA2869