-
Notifications
You must be signed in to change notification settings - Fork 274
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for thereferrer
meta tag
#210
Comments
molefrog
changed the title
Support for
Support for theApr 9, 2020
referrer
meta tagreferrer
meta tag
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi, first of all, thanks for the gem — our team has been using it for ages and we find it super helpful!
There is a meta tag called
referrer
(see Integration with HTML section) that is supported by modern browsers and allows to customize the Referrer policy. Why it may sound like this is something you wouldn't need very often, but the Referrer policy could be quite important from the security point of view.A use case is the following: say you have an app that allows users to share their data via a unique secret link. Like a Google Doc accessible via a link, like
your-app.com/link/103f133eded
. You obviously want to keep the URL in secret, however, under regular circumstances browsers do attach the full URL into the request. This may lead to a situation when a request is made to third-party websites (like analytics) with the secret link included in the request. In order to restrict that your app could set theReferrer-Policy: same-origin
header. Or, you can include it as a part of your HTML:Let me know what you think about adding this to the library, would love to assist and collaborate.
The text was updated successfully, but these errors were encountered: