The reason for the intermediary is because the clickthrough sends the previous URL as a referer to the next server.
The only real way to avoid leaking specific urls from the source page to the arbitrary other server is to have an intermediary redirect like this.
All the big products put an intermediary for that reason, though many of them make it a user visible page of that says "you are leaving our product" versus Google mostly does it as an immediate redirect.
The copy/paste behavior is mostly an unfortunate side effect and not a deliberate feature of it.
Aren't those just the URLs in google search results if you copy from the results page instead of clicking through to the destination?
The reason for the intermediary is because the clickthrough sends the previous URL as a referer to the next server.
The only real way to avoid leaking specific urls from the source page to the arbitrary other server is to have an intermediary redirect like this.
All the big products put an intermediary for that reason, though many of them make it a user visible page of that says "you are leaving our product" versus Google mostly does it as an immediate redirect.
The copy/paste behavior is mostly an unfortunate side effect and not a deliberate feature of it.
I don't understand. They are redirecting to their own S3 bucket, so who would be the recipient of the leak?
Also, isn't this what Referrer-Policy is for? https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/...
1 reply →