public/blogs/referer.mdx
Lines changed: 8 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -62,7 +62,7 @@ This helps site owners identify traffic sources, to know what people searched fo
62
62
</C><C>
63
63
<H3>CSRF Protection</H3>
64
64
</C><C>
65
-
The header can be checked to combat Cross-Site Request Forgery. However, for form submissions, using the ``Origin`` header is more preferable. But using the ``Origin`` header [alone]() is not secure enough.
65
+
The header can be checked to combat Cross-Site Request Forgery. However, for form submissions, using the <Lhref='https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin'>``Origin``</L> header is more preferable. But using the ``Origin`` header <Lhref='/blog/csrf-mitigation'>alone</L> is not secure enough.
66
66
</C>
67
67
<H3>Preventing Plagiarism</H3>
68
68
<C>
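Review bot: On new line 65 the second link wraps only the word "alone", which says nothing about its destination, /blog/csrf-mitigation. Link a phrase that names the topic instead, for example the whole of "alone is not secure enough", so the reader knows the target explains what else is needed beyond the `Origin` check. The `href` values added here are single-quoted, while the existing `<L>` links in public/services/code-audits.mdx use double quotes; pick one style for the repository.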
@@ -85,11 +85,11 @@ There are many ways to go by this
85
85
</C>
86
86
<H3>Browser Settings</H3>
87
87
<C>
88
-
Some browsers allow restricting Referer sending via settings like Firefox's [``about:config``]() or Chrome's command line options. Browser extensions also provide this functionality.
88
+
Some browsers allow restricting Referer sending via settings like Firefox's <Lhref='https://support.mozilla.org/en-US/kb/about-config-editor-firefox#w_opening-aboutconfig'>``about:config``</L> or Chrome's command line options. Browser extensions also provide this functionality.
89
89
</C>
90
90
<H3>Internal Proxies</H3>
91
91
<C>
92
-
Companies often use proxies to manage internal network traffic, including controlling the Referer header. This allows selective dropping or rewriting of the Referer based on whether it's an internal or external domain. However, with the widespread adoption of HTTPS, which encrypts traffic end-to-end, traditional proxy methods like [MITM]() have limitations due to encryption complexities.
92
+
Companies often use proxies to manage internal network traffic, including controlling the Referer header. This allows selective dropping or rewriting of the Referer based on whether it's an internal or external domain. However, with the widespread adoption of HTTPS, which encrypts traffic end-to-end, traditional proxy methods like <Lhref='https://en.wikipedia.org/wiki/Man-in-the-middle_attack'>MITM</L> have limitations due to encryption complexities.
93
93
</C>
94
94
<H3>Referrer Policy </H3>
95
95
<C>
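Review bot: On new line 92 the MITM link points at the Wikipedia article on the man-in-the-middle attack, but the sentence describes a company's own proxy handling internal traffic, not an attacker. Expand the acronym in the text and say that the proxy intercepts the connection, or link to a description of interception proxies, so the reader is not sent to an attack article for a sanctioned setup. On new line 88 the link fragment covers only how to open `about:config`; the sentence is about restricting the Referer, so it would help to say which setting the reader is expected to change once there.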
@@ -131,7 +131,7 @@ It's important to note that if the Origin header is sent, it conveys similar inf
131
131
<C>
132
132
-\-**Conditions for Sending:** Always include Referer.
133
133
-\-**Value Sent:** The entire URL.
134
-
-\-**Description:** Sends the complete URL in the Referer header, even during insecure HTTP transitions (e.g., HTTP to HTTP or HTTPS to HTTP). This behavior is considered unsafe due to potential exposure in plaintext communication, susceptible to [MITM]() attacks like proxies.
134
+
-\-**Description:** Sends the complete URL in the Referer header, even during insecure HTTP transitions (e.g., HTTP to HTTP or HTTPS to HTTP). This behavior is considered unsafe due to potential exposure in plaintext communication, susceptible to MITM attacks like proxies.
135
135
</C>
136
136
137
137
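Review bot: On new line 134 the phrase "susceptible to MITM attacks like proxies" still reads as if a proxy were itself an attack, and with the empty link removed the acronym now stands unexplained in this block. Since this line is being touched anyway, reword it along the lines of "exposed to anyone on the path, such as an intercepting proxy", and either expand MITM here or keep it linked the same way line 92 now does.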
@@ -243,7 +243,7 @@ By adding `rel=noreferrer` to `<a>` or `<area>` elements, you can modify the tra
243
243
showLineNumbers={false}
244
244
/>
245
245
<C>
246
-
**Note:** When using `rel=noreferrer` with `target="_blank"`, it prevents the opener relationship from being established to mitigate [tab-nabbing](). For example:
246
+
**Note:** When using `rel=noreferrer` with `target="_blank"`, it prevents the opener relationship from being established to mitigate <Lhref='https://en.wikipedia.org/wiki/Tabnabbing'>tab-nabbing.</L> For example:
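Review bot: On new line 246 the sentence-ending period sits inside the link text (`tab-nabbing.</L>`), so the punctuation becomes part of the clickable link. Move it outside the closing tag: `tab-nabbing</L>.` followed by "For example:".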
public/services/code-audits.mdx
Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -15,7 +15,7 @@ tags:
15
15
I wrote an <Lhref="/blog/independent-code-audit">article</L> about why your software needs independent code audits.
16
16
</C>
17
17
<C>
18
-
In short, I talked about how independent audits can help mitigate issues stemming from a lack of oversight within internal teams (here's <Lhref="/blog/tag/skill-issues">why</L>).
18
+
In short, I talked about how independent audits can help mitigate issues stemming from a lack of oversight within internal teams (for many <Lhref="/blog/tag/skill-issues">reasons</L>).
19
19
Without vigilant scrutiny of <Lhref="/blog/tag/quality">quality</L> and architectural integrity, problems can escalate unnoticed, hindering future development, which leads to project failures and loss of money.
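Review bot: On new line 18 the parenthetical "(for many reasons)" is vaguer than the "here's why" it replaces, and the linked word "reasons" does not tell the reader that the target, /blog/tag/skill-issues, is a tag listing rather than a single explanation. Name the destination in the link text, for example by linking a phrase that mentions the posts under that tag, or drop the parenthetical and link "lack of oversight within internal teams" directly.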