@diosmosis opened this Issue on July 24th 2018 Member

After https://github.com/matomo-org/matomo/pull/12780 is merged most links will have noopener noreferrer. To make sure all links now & in the future have this link, we should add a check to the UI test system:

  • After a screenshot test passes, scrape the page in phantomjs and look for links that are to other domains.
  • For each of these links, if it is missing noopener noreferrer, report an error and fail the test.
@tsteur commented on July 22nd 2020 Member

Instead there could be also a JS that runs onDomReady, onDomLoad and when components are updated through angular or so to check for any outgoing link in the modified dom and set it dynamically.

@tsteur commented on December 21st 2020 Member
@tsteur commented on July 26th 2021 Member

Also we could be sending a Cross-Origin-Opener-Policy header. However, probably most of the browsers that support this header also apply noopener by default.

@tsteur commented on July 27th 2021 Member

For noopener we don't need to do any changes. Generally though, if we add noreferrer anyway, then we could also add noopener as well.

@Findus23 do we still need noreferrer in links considering we have https://github.com/matomo-org/matomo/pull/17382 ?

@tsteur commented on October 21st 2021 Member

@Findus23 closing this one as the referrer policy header should take already care of this. Let me know if that's not the case

This Issue was closed on October 21st 2021
Powered by GitHub Issue Mirror