
[patch] Don’t send HTTP referrer headers to keep installations a little more private

Posted: 01 Jun 2016, 15:32
by Hoo-man
Sets a Referrer Policy that suppresses the HTTP referer (sic) header when clicking on links from Tiny Tiny RSS to external websites. Totally coincidentally, by excluding this header TT-RSS will also bypass some anti-image hotlinking systems that look for this header from non-whitelisted origins. *cough*

The tiny tiny attached patch will thus slightly boost privacy of private Tiny Tiny RSS installations and bypass some image hotlinking countermeasures.

Re: [patch] Don’t send HTTP referrer headers to keep installations a little more private

Posted: 01 Jun 2016, 16:19
by fox
this makes sense, i guess

Re: [patch] Don’t send HTTP referrer headers to keep installations a little more private

Posted: 03 Jun 2016, 11:41
by evildarkarchon
Chrome doesn't seem to recognize "none" as a valid referrer policy, it ignores the meta tag and goes with its default. The full error message (which includes its list of valid referrer policies) is in the image I attached.

Re: [patch] Don’t send HTTP referrer headers to keep installations a little more private

Posted: 03 Jun 2016, 12:06
by fox
yeah "none" is not in the draft, probably should be set to no-referrer
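
The failure discussed in this thread, a meta tag whose value the browser does not recognize and therefore ignores, can be checked for mechanically. The following is an added example, not part of the patch or of any post above; the function names and the sample markup are assumptions, and the token list is the one in the W3C Referrer Policy specification.

```javascript
// Added example: audit the <meta name="referrer"> tags in an HTML string.
// What each policy token reveals on a cross-origin request (link, image).
const LEAK = new Map([
  ["no-referrer", "nothing"], ["same-origin", "nothing"],
  ["origin", "origin"], ["strict-origin", "origin"],
  ["origin-when-cross-origin", "origin"],
  ["strict-origin-when-cross-origin", "origin"],
  ["no-referrer-when-downgrade", "full-url"], // nothing on HTTPS->HTTP
  ["unsafe-url", "full-url"],
]);
// Legacy <meta> keywords that the HTML spec maps to modern tokens.
// "default" is left out: it is reported as ignored, and either way the
// browser's own default policy applies.
const LEGACY = new Map([
  ["never", "no-referrer"], ["always", "unsafe-url"],
  ["origin-when-crossorigin", "origin-when-cross-origin"],
]);

// Parse quoted and unquoted attributes of one tag into a lowercase-keyed map.
function attrs(tag) {
  const out = {};
  const re = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;
  for (const m of tag.matchAll(re)) out[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4];
  return out;
}

// Returns every referrer meta tag found, the policy that takes effect
// (null when none is recognized) and what it reveals cross-origin.
function auditReferrerMeta(html) {
  const findings = [];
  let effective = null;
  for (const [tag] of html.matchAll(/<meta\b[^>]*>/gi)) {
    const a = attrs(tag);
    if ((a.name || "").toLowerCase() !== "referrer") continue;
    const raw = (a.content || "").trim().toLowerCase();
    const token = LEGACY.get(raw) || raw;
    if (LEAK.has(token)) {
      effective = token; // a later recognized tag overrides an earlier one
      findings.push({ raw, status: raw === token ? "valid" : "legacy", token });
    } else {
      findings.push({ raw, status: "ignored", token: null });
    }
  }
  const reveals = effective ? LEAK.get(effective) : "browser default";
  return { findings, effective, reveals };
}

// Constructed sample markup (not taken from Tiny Tiny RSS).
const BEFORE = '<head><meta name="referrer" content="none"></head>';
const AFTER = '<head><meta name="referrer" content="no-referrer"></head>';
```

Running `auditReferrerMeta` over a rendered page flags an `ignored` value before a browser console does.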