docs: hero referrer fix done — referrerpolicy now consistent across all remote images
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@@ -68,9 +68,10 @@ bots. Compare `d7` after a full week, `d30` after thirty days. (Admin shows this
|
||||
|
||||
Privacy unchanged: only a salted `visitor_hash` is stored (no IP, no raw token, no fingerprint).
|
||||
|
||||
### Optional (not done) — homepage hero referrer
|
||||
For `remote` images, article cards and the share page use `<img referrerpolicy="no-referrer">`, so
|
||||
the publisher CDN doesn't get the referring URL. The homepage hero (`.news-plate`) is a CSS
|
||||
`background-image`, which can't carry that policy, so it leaks the referrer (not the IP — that's
|
||||
unavoidable for any remote image). Converting the hero to a real `<img referrerpolicy="no-referrer">`
|
||||
would make it consistent. Deferred pending an owner decision (touches the cover/contain hero rendering).
|
||||
### Referrer suppression on remote images
|
||||
Every on-site image request for a `remote` source sets `referrerpolicy="no-referrer"` so the
|
||||
publisher CDN doesn't get the referring URL: article cards, the share page, AND the homepage hero
|
||||
(converted from a CSS `background-image` to a real `<img>` — the retry probe sets
|
||||
`probe.referrerPolicy='no-referrer'` too). This hides the *referrer*, **not** the visitor's IP —
|
||||
any remote image necessarily exposes the IP to the CDN. For zero third-party image requests, the
|
||||
source must be `none` or explicitly cleared for local caching (`cache`).
|
||||
|
||||
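Review bot: "Every on-site image request for a `remote` source" in the new "Referrer suppression on remote images" section is an absolute claim that rests on a per-element attribute, and the text gives a reader no way to keep it true. The removed paragraph noted that a CSS `background-image` can't carry the policy, so the new section should state that no `remote` image is rendered through CSS any more, and ideally name a page-level backstop (a `Referrer-Policy` response header or `<meta name="referrer">`) so an image added later without the attribute does not silently send the referrer. For the retry probe, the parenthetical only says `probe.referrerPolicy='no-referrer'` is set "too"; say that it is assigned before the probe's `src`, which is the ordering a reader would check first. The closing sentence, "must be `none` or explicitly cleared for local caching (`cache`)", is also unclear about whether `cache` is a source value or a separate setting, and is worth spelling out.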