Uploaded image for project: 'MusicBrainz Server'
  1. MusicBrainz Server
  2. MBS-8796

Set a referrer policy for HTTPS pages

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2016-10-10
    • Component/s: Misc features
    • Labels:
      None

      Description

      When following a link from an HTTPS page to an HTTP page, browsers by default suppress the referrer in the new request. (On the other hand, if the link leads to an HTTPS page or comes from an HTTP page, the referrer will by default be sent.) Therefore, band websites etc. will not "see" that their traffic is coming from us, which is undesirable. The problem will grow when we switch to enforcing HTTPS. We should therefore set a referrer policy that allows the browser to send the referrer; as our URLs don't contain secret parameters or similar, this should not be a problem-

      (I became aware of this issue because Wikimedia is rolling out a similar change this week. See https://meta.wikimedia.org/wiki/Research:Wikimedia_referrer_policy)

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                chirlu Ulrich Klauer
                Reporter:
                chirlu Ulrich Klauer
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Due:
                  Created:
                  Updated:
                  Resolved:

                  Packages

                  Version Package
                  2016-10-10