Re: [openstreetmap/openstreetmap-website] Add Cross-Origin-Opener-Policy header (2ff4d6a)

Tom Hughes via rails-dev Mon, 07 Jul 2025 22:59:49 -0700

I've explained the high level reason - we received a vulnerability report that 
needed to be acted on urgently.


The specific issue is that if a malicious site can open a window on 
openstreetmap.org and continue to interact with it then it can observe login 
flows and steal sensitive information. So if you login with google say in that 
window then it can steal your google credentials.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/commit/2ff4d6a4e633e479568572090eb6a16074103cd9#commitcomment-161636418
You are receiving this because you are subscribed to this thread.

Message ID: 
<openstreetmap/openstreetmap-website/commit/2ff4d6a4e633e479568572090eb6a16074103cd9/161636...@github.com>

_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev

Re: [openstreetmap/openstreetmap-website] Add Cross-Origin-Opener-Policy header (2ff4d6a)

Reply via email to