[openstreetmap/openstreetmap-website] Add Cross-Origin-Opener-Policy header (2ff4d6a)

Tom Hughes notifications at github.com
Tue Jul 8 05:58:11 UTC 2025


I've explained the high-level reason - we received a vulnerability report that needed to be acted on urgently.

The specific issue is that if a malicious site can open a window on openstreetmap.org and continue to interact with it then it can observe login flows and steal sensitive information. So if you log in with Google, say, in that window then it can steal your Google credentials.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/commit/2ff4d6a4e633e479568572090eb6a16074103cd9#commitcomment-161636418
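
The header named in the subject line, sketched as an added example (not code from openstreetmap-website or from the commit): a Rack-style middleware that sets Cross-Origin-Opener-Policy, and a helper that checks whether a response's value detaches the page from a cross-origin window that opened it. The `same-origin` default, the `OpenerPolicy` class, the helper names and the sample app are assumptions; the message does not say which value the commit uses.

```ruby
# Added example in plain Ruby (Rack calling convention, no gems required).
COOP = "cross-origin-opener-policy"
# Values that move a document opened by a cross-origin page into a new
# browsing context group, so the opener's window handle stops working.
ISOLATING = %w[same-origin same-origin-allow-popups].freeze
KNOWN     = (ISOLATING + %w[unsafe-none]).freeze

# Effective policy for a response header hash. The value is a case-sensitive
# token, optionally followed by parameters such as report-to. A missing or
# unrecognised value behaves as unsafe-none, and the -Report-Only variant
# of the header is never enforced, so it is not consulted here.
def effective_coop(headers)
  raw = headers.find { |name, _| name.to_s.casecmp?(COOP) }&.last
  token = raw.to_s.split(";").first.to_s.strip
  KNOWN.include?(token) ? token : "unsafe-none"
end

# True when a cross-origin opener loses its reference to this document.
def severs_cross_origin_opener?(headers)
  ISOLATING.include?(effective_coop(headers))
end

# Middleware that adds the header to any response that does not set one.
class OpenerPolicy
  def initialize(app, value = "same-origin") # default value is an assumption
    @app = app
    @value = value
  end

  def call(env)
    status, headers, body = @app.call(env)
    unless headers.any? { |name, _| name.to_s.casecmp?(COOP) }
      headers[COOP] = @value
    end
    [status, headers, body]
  end
end

# Constructed sample app: a login page served with no opener policy.
BARE_APP = ->(_env) { [200, { "content-type" => "text/html" }, ["<h1>Login</h1>"]] }
```

`same-origin-allow-popups` also isolates the page from a cross-origin opener while keeping handles to popups the page itself opens, provided those popups send no policy of their own.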