Add support for the Referrer-Policy header in the scanner #530
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
eloquence
reviewed
Aug 28, 2018
directory/models/entry.py
Outdated
| @@ -270,6 +270,7 @@ class ScanResult(models.Model): | |||
| cache_control_nostore_set = models.NullBooleanField() | |||
| cache_control_private_set = models.NullBooleanField() | |||
| expires_set = models.NullBooleanField() | |||
| no_referrer_policy_set = models.NullBooleanField() | |||
There was a problem hiding this comment.
Would you mind renaming this to be less ambiguous? Note that in the UI, it is displayed as "No referrer policy set", which could be interpreted as, "this landing page has no referrer policy" (especially in the context of other "No" fields like no_analytics) , when what you really mean is "this landing page's referrer policy is set to no-referrer", the exact opposite. I would suggest referrer_policy_set_to_no_referrer (long but not ambiguous).
There was a problem hiding this comment.
This is a good point, I'll make the change.
conorsch
approved these changes
Aug 29, 2018
|
Incoming rebase to satisfy branch-out-of-date checks (which we keep enabled on web repos to avoid migration conflicts that git can't catch). |
We verify that it's set to "no-referrer" only.
Includes migration for this field.
With the previous name, it was not clear if the policy header was not set at all, or if it was set to the correct value of `no-referrer`. So this new name makes it clear what we want.
conorsch
force-pushed
the
515-referrer-policy
branch
from
b3e37ff to
ed8d91e
Compare
|
Deployed. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Resolves #515
This pull request:
no-referrer.ScanResultmodel to save the status of that check as true or false (or null, meaning not checked).ResultStatefor this new field. I wasn't totally sure if this was necessary or if there are other things needed for this, but it looks like the other scan parameters have data here so I adapted one from another header-based scan field. If there's something else that should be done here, please let me know.Note: I added unit tests for the scanner function but they are not VCR based: I adapted pre-existing test code for checks that were doing something very similar to this one. I was looking over the code and didn't see any VCR tests for these sorts of scanning/validation methods. I can write some if you want, but I didn't want to color too far outside the lines, as it were.