Re: Privacy guarantees
Hi Paul (2021.09.11_06:18:16_+0000)
> The web applications available in Debian may suggest visitors request
> resources not available on the same web service. Since most web
> browsers don't block third-party requests by default, those visitors,
> who are only indirectly Debian users, could have a privacy violation.
> The same applies when Debian documentation is copied to a website.
Browsers have a mechanism to do this, Content-Security-Policy:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
That can be implemented by injecting <meta> tags into HTML, or serving
them through a web server (dhelp/dwww) that can provide CSP http
headers.
SR
--
Stefano Rivera
http://tumbleweed.org.za/
+1 415 683 3272
Reply to: