{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":12427229,"defaultBranch":"gh-pages","name":"mathdown","ownerLogin":"cben","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2013-08-28T07:18:09.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/273688?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1696799057.0","currentOid":""},"activityList":{"items":[{"before":"6066a72fc8fc38778857619cd75e663160b1557f","after":"e09788574ce05d7d053394b07ef67b0d50f1a33d","ref":"refs/heads/gh-pages","pushedAt":"2023-10-08T21:44:37.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"cben","name":"Beni Cherniavsky-Paskin","path":"/cben","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273688?s=80&v=4"},"commit":{"message":"Merge pull request #219 from cben/referrer-policy\n\nReferer policy: Don't send ?doc=SECRET in external links","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1932069596\" data-permission-text=\"Title is private\" data-url=\"https://github.com/cben/mathdown/issues/219\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/cben/mathdown/pull/219/hovercard\" href=\"https://github.com/cben/mathdown/pull/219\">#219</a> from cben/referrer-policy"}},{"before":"288eb22fa798e35129ca2aa0602a893c8b622cbe","after":"2f88b004a004d5ac07f15de1bd61887032c1b05a","ref":"refs/heads/referrer-policy","pushedAt":"2023-10-08T21:33:01.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"cben","name":"Beni Cherniavsky-Paskin","path":"/cben","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273688?s=80&v=4"},"commit":{"message":"Set referer policy to \"strict-origin\"\n\nAffects all requests made from the page.  Notable external links:\n\n- \"bugs\" link to https://github.com/cben/mathdown/issues\n\n  Instead of sending e.g.:\n  Referer: http://localhost:8000/mathdown/?doc=SECRET\n  this will send\n  Referer: http://localhost:8000/\n\n  Until now, users have been revealing secret ?doc=... not only to\n  ~~Heroku~~ Netlify hosting but also to Github, which is unnecessary.\n  What's worse, GitHub has Insights -> Traffic tab, showing referer\n  info!  Luckily, it includes path but not ?query params.  Phew!\n\nTested on Firefox.","shortMessageHtmlLink":"Set referer policy to \"strict-origin\""}},{"before":"0c327fd45b7df8359136cb7cae4a36fdd7fc847e","after":"288eb22fa798e35129ca2aa0602a893c8b622cbe","ref":"refs/heads/referrer-policy","pushedAt":"2023-10-08T21:07:16.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"cben","name":"Beni Cherniavsky-Paskin","path":"/cben","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273688?s=80&v=4"},"commit":{"message":"Set referer policy to \"origin\"\n\nAffects all requests made from the page.  Notable external links:\n\n- \"bugs\" link to https://github.com/cben/mathdown/issues\n\n  Instead of sending e.g.:\n  Referer: http://localhost:8000/mathdown/?doc=SECRET\n  this will send\n  Referer: http://localhost:8000/\n\n  Until now, users have been revealing secret ?doc=... not only to\n  Heroku but also to Github, which is unnecessary.\n  What's worse, GitHub has Insights -> Traffic tab, showing referer\n  info!  Luckily, it includes path but not ?query params.  Phew!\n\n- When making ajax request for viewed markdown file\n\n  Instead of sending e.g.:\n  Referer: http://localhost:8000/mathdown/?viewurl=https://raw.githubusercontent.com/commonmark/commonmark-spec/0.29/README.md\n  this will send\n  Referer: http://localhost:8000/\n\nTested on Firefox.","shortMessageHtmlLink":"Set referer policy to \"origin\""}},{"before":null,"after":"0c327fd45b7df8359136cb7cae4a36fdd7fc847e","ref":"refs/heads/referrer-policy","pushedAt":"2023-10-08T21:04:17.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"cben","name":"Beni Cherniavsky-Paskin","path":"/cben","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/273688?s=80&v=4"},"commit":{"message":"Set referer policy to \"origin\"\n\nAffects all requests made from the page.  Notable external links:\n\n- \"bugs\" link to https://github.com/cben/mathdown/issues\n\n  Instead of sending e.g.:\n  Referer: http://localhost:8000/mathdown/?doc=SECRET\n  this will send\n  Referer: http://localhost:8000/\n\n  Until now, users have been revealing secret ?doc=... not only to\n  Heroku but also to Github, which is unnecessary.\n  What's worse, GitHub has Insights -> Traffic tab, showing referer\n  info!  Luckily, it includes path but not ?query params.  Phew!\n\n- When making ajax request for viewed markdown file\n\n  Instead of sending e.g.:\n  Referer: http://localhost:8000/mathdown/?viewurl=https://raw.githubusercontent.com/commonmark/commonmark-spec/0.29/README.md\n  this will send\n  Referer: http://localhost:8000/\n\nTested on Firefox.","shortMessageHtmlLink":"Set referer policy to \"origin\""}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAADkjxFkwA","startCursor":null,"endCursor":null}},"title":"Activity · cben/mathdown"}