rubygems / rubygems.org

The Ruby community's gem hosting service.
https://rubygems.org
MIT License
2.31k stars, 905 forks

Set Referrer-Policy header with 'no-referrer' on confirmation token pages #4814

Closed martinemde closed 1 week ago

martinemde commented 1 week ago

Recommended in the OWASP page for password resets, this is unlikely to affect us but also very easy to implement.

https://portswigger.net/kb/issues/00500400_cross-domain-referer-leakage
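As an added illustration of the technique the PR applies (example code, not rubygems.org's own middleware or diff): a Rack-style middleware that sets `Referrer-Policy: no-referrer` on responses for pages whose URL carries a confirmation or reset token. With that header, the browser omits the Referer header entirely when the user follows a link from such a page, so the token in the URL cannot leak to a third-party origin. The path patterns, parameter names and the stand-in inner app are assumptions for the example, not the project's real routes.

```ruby
# Added example, not rubygems.org code: force "Referrer-Policy: no-referrer"
# on token-bearing pages so their URLs are never sent as a Referer header.
# Route patterns and parameter names are assumptions for this example.

TOKEN_PATHS = [
  %r{\A/users/confirmation},   # assumed: email confirmation page
  %r{\A/users/password/edit}   # assumed: password reset form
].freeze

TOKEN_PARAMS = %w[token confirmation_token reset_password_token].freeze

# True when the request path or query string identifies a token page.
def token_page?(path, query)
  return true if TOKEN_PATHS.any? { |re| re.match?(path) }
  return false if query.nil? || query.empty?

  query.split("&").any? { |pair| TOKEN_PARAMS.include?(pair.split("=", 2).first) }
end

class NoReferrerOnTokenPages
  def initialize(app)
    @app = app
  end

  # Rack interface: env in, [status, headers, body] out.
  # (Rack 3 expects lowercase header names; Rack 2 casing is used here.)
  def call(env)
    status, headers, body = @app.call(env)
    if token_page?(env["PATH_INFO"].to_s, env["QUERY_STRING"])
      # Override any site-wide default: no-referrer suppresses the Referer
      # header for same-origin and cross-origin navigations alike.
      headers["Referrer-Policy"] = "no-referrer"
    end
    [status, headers, body]
  end
end

# Constructed inner app standing in for the Rails stack. It applies the
# site-wide default policy that the middleware overrides on token pages.
INNER_APP = lambda do |_env|
  [200,
   { "Content-Type" => "text/html",
     "Referrer-Policy" => "strict-origin-when-cross-origin" },
   ["<html></html>"]]
end

# Run one request through the middleware and return the resulting
# Referrer-Policy header, so the behaviour can be checked per path.
def referrer_policy_for(path, query = "")
  app = NoReferrerOnTokenPages.new(INNER_APP)
  _status, headers, _body = app.call("PATH_INFO" => path, "QUERY_STRING" => query)
  headers["Referrer-Policy"]
end

if __FILE__ == $PROGRAM_NAME
  puts referrer_policy_for("/users/confirmation", "confirmation_token=abc123")
  puts referrer_policy_for("/gems/rails")
end
```

In a Rails controller the same effect is a one-liner in a `before_action` or `after_action` on the relevant actions, `response.headers["Referrer-Policy"] = "no-referrer"`; the middleware form above only exists so the check can run without Rails. Matching on the query string as well as the path covers the case where a token is passed as a parameter on an otherwise ordinary route.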

codecov[bot] commented 1 week ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 97.06%. Comparing base (03026a7) to head (249c2a2).

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master    #4814   +/-   ##
=======================================
  Coverage   97.06%   97.06%
=======================================
  Files         399      399
  Lines        8443     8447    +4
=======================================
+ Hits         8195     8199    +4
  Misses        248      248
```
