<p></p>
<p dir="auto">I've explained the high level reason - we received a vulnerability report that needed to be acted on urgently.</p>
<p dir="auto">The specific issue is that if a malicious site can open a window on openstreetmap.org and continue to interact with it then it can observe login flows and steal sensitive information. So if you login with google say in that window then it can steal your google credentials.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/commit/2ff4d6a4e633e479568572090eb6a16074103cd9#commitcomment-161636418">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLJ3XDYETVCIEPRPGZL3HNMXHAVCNFSM6AAAAACA65SOISVHI2DSMVQWIX3LMV43OQ3PNVWWS5CDN5WW2ZLOOQ5TCNRRGYZTMNBRHA">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLJUNWQ7XWBS4YZEBNL3HNMXHA5CNFSM6AAAAACA65SOISWGG33NNVSW45C7OR4XAZNNINXW23LJORBW63LNMVXHJKTDN5WW2ZLOORPWSZGOBGRGAQQ.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/commit/2ff4d6a4e633e479568572090eb6a16074103cd9/161636418</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/commit/2ff4d6a4e633e479568572090eb6a16074103cd9#commitcomment-161636418",
"url": "https://github.com/openstreetmap/openstreetmap-website/commit/2ff4d6a4e633e479568572090eb6a16074103cd9#commitcomment-161636418",
"name": "View Commit"
},
"description": "View this Commit on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>