Feature #24583

Remove HTTP Referer

Added by Krishna M S almost 4 years ago. Updated over 1 year ago.

Status:ClosedStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Security
Target version:-
Resolution:Fixed

Description

We are currently running Redmine 2.4.3.stable.12909 on Ubuntu

if we have an external URL in our Intranet Redmine, the external website can track the Intranet origin which poses a security concern.

Please let us know on how to fix this?


Related issues

Related to Redmine - Feature #29660: Add Referrer-Policy header to prevent browsers from sendi... Closed

History

#1 Updated by Toshi MARUYAMA over 3 years ago

  • Tracker changed from Defect to Feature

#2 Updated by Go MAEDA about 2 years ago

  • Related to Feature #29660: Add Referrer-Policy header to prevent browsers from sending private data to external sites added

#3 Updated by Go MAEDA over 1 year ago

  • Status changed from New to Closed
  • Priority changed from High to Normal
  • Resolution set to Fixed

We can close this issue because Redmine 4.0.0 does not send the Referer to external sites. See #29660#note-13 for details.

Also available in: Atom PDF