To all instance owners. If you are using Nginx and use the following security header:
add_header Referrer-Policy "no-referrer" always;
Please, consider changing this setting to (note: same-origin):
add_header Referrer-Policy "same-origin" always;
Which should be safe enough for users, while also fixing all the redirect issues the user (or you) might experience with your own Mbin instance.
Referer headers are used to store the previously requested pages/URLs. This can be used to navigate back from which the user came. There are also alternative methods like putting this information in the query string or adding a cookie or session data.
Either way, for now consider changing to same-origin when using Mbin.
Ps. if you are using Apache or Caddy… Well you know what to do^^
You must log in or register to comment.