squidy/qBittorrent
1
0
Fork 0
mirror of https://github.com/qbittorrent/qBittorrent.git synced 2025-12-19 15:07:22 -06:00
Code Issues Packages Projects Releases Wiki Activity

WebUI: don't send HTTP Referer header to other servers

Browse Source 
`same-origin`
> Sends the full URL (stripped of parameters) for same-origin requests. Cross-origin requests will contain no referrer header.

This would be helpful for 3rd party WebUI that were forked from the
official one. The official WebUI is not affect by this change since the
request is blocked by CSP.

PR #23294.
This commit is contained in:
Chocobo1
2025-09-27 15:54:49 +08:00
committed by GitHub
parent 10b879bdaf
commit d02b01c733
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/webui/www/private/views/rss.html
View File

@@ -503,7 +503,7 @@
const iframeElement = document.createElement("iframe");
iframeElement.id = "rssDescription";
iframeElement.sandbox = "allow-same-origin"; // allowed to get parent css
iframeElement.srcdoc = `<html ${rootColor}><head><meta charset="utf-8"><link rel="stylesheet" type="text/css" href="css/style.css?v=${CACHEID}"></head><body>${articleDescription}</body></html>`;
iframeElement.srcdoc = `<html ${rootColor}><head><meta charset="utf-8"><meta name="referrer" content="same-origin"><link rel="stylesheet" type="text/css" href="css/style.css?v=${CACHEID}"></head><body>${articleDescription}</body></html>`;
detailsView.append(iframeElement);
}