Skip to content
This repository has been archived by the owner on Jul 30, 2024. It is now read-only.

Added logging to Flask Security #829

Open
wants to merge 7 commits into
base: develop
Choose a base branch
from

Conversation

arpitsharmagit
Copy link

No description provided.

jasco pushed a commit to jasco/flask-security that referenced this pull request Oct 3, 2023
Although OWASP still recommends that reset password and confirmation links have the no-referrer header option set - this causes issues with HTTPS and Flask-WTF that requires a referrer header.
Also - for the past 5 years, the browser default for Referrer-Policy is 'strict-origin-when-cross-origin' which should be enough to mitigate any possible Referrer leakage.

closes pallets-eco#829
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Development

Successfully merging this pull request may close these issues.

2 participants