Open cpg opened 6 years ago
Maybe we could use an outgoing referral header for any accesses?
i.e. the referrer has to match the full domain of the MK url.
Removing high priority, as, arguably, the web app should not link outside anyway to begin with, though this is still possibly useful to many.
Whitelist one or more domains or subdomains, so user cannot browse outside of domains in that list
The main issue with this is how to cleanly allow access CDNs, e.g. for JS, images/css (cloudfront), etc.