You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I did not check whether you already use a similar mechanism, but it would be great if you can prevent the browser from sending the referrer when they click on a link (a user sent), so it does not leak to the site that the user came from Riot (including the whole URL).
The fix is easy, it's also just another HTTP header or HTML meta tag. So even if you already prevent it in some other way, this is a really safe and small thing and works in all modern browsers, so you should really make use of that.
The text was updated successfully, but these errors were encountered:
An alternative fix to element-hq/element-web#6147 which for some reason
the PR element-hq/element-web#6155 is not yet merged.
The key difference is that the riot-web PR element-hq/element-web#6155
uses HTML meta header for noreferrer, while this one adds the
rel-attribute to include the noreferrer keyword in both user-created
links as well as links converted from incoming events.
I guess it's up to the maintainers then to pick and choose, but please
do ;).
I did not check whether you already use a similar mechanism, but it would be great if you can prevent the browser from sending the referrer when they click on a link (a user sent), so it does not leak to the site that the user came from Riot (including the whole URL).
The fix is easy, it's also just another HTTP header or HTML meta tag. So even if you already prevent it in some other way, this is a really safe and small thing and works in all modern browsers, so you should really make use of that.
The text was updated successfully, but these errors were encountered: