Set a Referrer-Policy on login/register pages

XMLWordPrintable

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Normal
    • Schema change, 2024 Q2
    • Affects Version/s: None
    • Component/s: Accounts
    • None

      We currently set the Referrer-Policy on the OAuth authorize endpoint, but not the login page which it may redirect to. The register page would make sense to have it too.

      https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.2.4

            Assignee:
            Michael Wiencek
            Reporter:
            Michael Wiencek
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:

                Version Package
                Schema change, 2024 Q2