Closed benmccann closed 9 months ago
Latest commit: 3ce7eb45d1d77ede0494566bcfee7b7383aaa385
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
The behavior of
allowReferrer
was very confusing to me because I thought it was referring to therel
attribute and I did not understand it's actually referring to theReferer
header being allowedI was also very confused about the security vulnerability being referred to. I assumed it was related to protecting the user's privacy by not passing the referrer header. When I happened to click the reference link I saw that I had been misunderstanding the purpose of this rule and what exactly it was doing.