Uploaded image for project: 'Bitbucket Server'
  1. Bitbucket Server
  2. BSERV-8142

As a user, I want an external git submodule link to not send referer url as it may pose a information leak.

    XMLWordPrintable

    Details

    • Type: Suggestion
    • Status: Gathering Interest (View Workflow)
    • Resolution: Unresolved
    • Fix Version/s: None
    • Component/s: Security - Other
    • Labels:
      None
    • UIS:
      5
    • Feedback Policy:
      We collect Bitbucket feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Description

      When an external library or repo is added, committed and pushed to a Stash/Bitbucket Server repo as a submodule, the link within the Stash/Bitbucket Server Web GUI takes the visitor to the external location. This means that the referer (referrer) url (Stash/Bitbucket Server) is sent to the external server and is logged. This is poses as a data/information leak.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            nhansberry Nate Hansberry
            Votes:
            2 Vote for this issue
            Watchers:
            6 Start watching this issue

              Dates

              Created:
              Updated:

                Backbone Issue Sync

                • Backbone Issue Sync is enabled for your project, but there is no synchronization info for this issue.