Place Your Ad Here

Bug Redirects to external information URLs should set Referrer-Policy

There is a bug in this version
K

Kirby

Guest
When accessing an external service like the IP information URL XenForo does perform a redirect to the target URL.

Depending on the used browser (version) and protocol (HTTP vs. HTTPS) this may leak the full URL of the page the service was accessed from.
The full URL may allow the service to draw conclusions relating the data (IP address, location, etc.) to a specific user at a specific time.

Suggested Mitigation
Add Response-Header Referrer-Policy: no-referrer when...

Read more

Continue reading...
 
You must log in or register to reply here.

Similar threads

A
Ques/Help Page with redirects?
Replies
0
Views
148
XenForo General Discussions
ArtG
A
X
Solved All redirects to search results should include search query arguments
Replies
0
Views
223
XenForo General Discussions
Xon
X
X
Bug All redirects to search results should include search query arguments
Replies
0
Views
263
XenForo General Discussions
Xon
X
T
XenForo Login Broken: Redirects User to Register after XF 1.5 to 2.2
Replies
0
Views
313
XenForo Development & Modifications
trigatch4
T
R
XenForo Redirects are killing my forum!
Replies
2
Views
355
XenForo Development & Modifications
mr_chy
M
Top Bottom
Back