Link all external links via proxy script to avoid leaking Referer #3268
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
duplicate
For issues that already existed in our issue tracker and were reported previously.
Task
Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Currently Piwik links to external websites from the report. This results in the Piwik URL being leaked to the website that probably linked to us. This is not ideal. Instead, we should not link directly from the report to the external URL but instead link to the proxy script which will hide the referrer URL (Piwik URL and its paramters) and redirect the user safely.
This involves following changes:
The text was updated successfully, but these errors were encountered: