[openstreetmap/openstreetmap-website] gravatar / user image should only be available to authenticated users (#1631)

Tom Hughes notifications at github.com
Tue Jul 28 18:23:41 UTC 2020


One easy thing we could choose to do is to send a [Referrer-Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy) header, with a value like `strict-origin-when-cross-origin` which would mean that, at lost for most browsers, only the base URL of the site would be sent as the referer. That is likely to become the default at some point anyway, if the MDN documentation is correct.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1631#issuecomment-665201233
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20200728/8eec7c6a/attachment.htm>


More information about the rails-dev mailing list