Link all external links via proxy script to avoid leaking Referer #3268
Labels
c: Security
For issues that make Matomo more secure. Please report issues through HackerOne and not in Github.
duplicate
For issues that already existed in our issue tracker and were reported previously.
Task
Indicates an issue is neither a feature nor a bug and it's purely a "technical" change.
Comments
|
suggested in #3147 |
|
See the first step in #3460 |
|
Not sure about this one, since linking all URLS via proxy would prevent from "Copy paste" URLs easily, which could be a usability issue... |
This was referenced Nov 9, 2012
mattab
added
c: Usability
|
Let's focus on #3147 as other items here are not needed. |
mattab
added
the
duplicate
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently Piwik links to external websites from the report. This results in the Piwik URL being leaked to the website that probably linked to us. This is not ideal. Instead, we should not link directly from the report to the external URL but instead link to the proxy script which will hide the referrer URL (Piwik URL and its paramters) and redirect the user safely.
This involves following changes:
The text was updated successfully, but these errors were encountered: