-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Remove noreferrer
rel value from links to official Elastic docs
#30846
Comments
Kibana PR is here: #31008 |
I'm not seeing anything in EUI that directly references our documentation, and the docsite itself loads our documentation in the same window, so there's no I think this is primarily it! |
@joelgriffith I think https://github.com/elastic/eui/blob/master/src/services/security/get_secure_rel_for_target.ts will need to be updated to check for elastic links or something. I assume anyone building links to our docs with EUI today (or tomorrow) likely aren't dealing with noreferrer themselves. |
Thanks for pointing that out. I originally assumed that EUI was for public consumption, and didn't want to bake in our logic into that util, but since reading their FAQ I see now that it is for internal-use only. I'll work on a PR and push that here soon |
EUI pr: elastic/eui#1565, this was waaaay more involved given how it handles URL's |
All PR's are now merged and backported into 6.7/7.0 |
We add
noreferrer
to therel
attribute of links in Kibana that contain a remotetarget
to help prevent cross-tab abuse of the opener object, but this is only necessary when the external link is potentially untrusted. We have full control over the code deployed to the official Elastic docs (and we don't abuse opener), so these don't need to be restricted in this way.We'll need to update EUI as well to make sure it whitelists elastic.co for its noreferrer check.
The text was updated successfully, but these errors were encountered: