Feature #24583
Remove HTTP Referer
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | Security | |||
| Target version: | - | |||
| Resolution: | Fixed |
Description
We are currently running Redmine 2.4.3.stable.12909 on Ubuntu
if we have an external URL in our Intranet Redmine, the external website can track the Intranet origin which poses a security concern.
Please let us know on how to fix this?
Related issues
History
#1
Updated by Toshi MARUYAMA about 4 years ago
- Tracker changed from Defect to Feature
#2
Updated by Go MAEDA over 2 years ago
- Related to Feature #29660: Add Referrer-Policy header to prevent browsers from sending private data to external sites added
#3
Updated by Go MAEDA about 2 years ago
- Status changed from New to Closed
- Priority changed from High to Normal
- Resolution set to Fixed
We can close this issue because Redmine 4.0.0 does not send the Referer to external sites. See #29660#note-13 for details.