Author: kkolinko Date: Sat Feb 16 09:50:24 2019 New Revision: 1853696 URL: http://svn.apache.org/viewvc?rev=1853696&view=rev Log: Do not add CSRF nonce parameter and suppress Referer header for external links in Manager and Host Manager web applications.
Modified: tomcat/trunk/webapps/manager/WEB-INF/jsp/401.jsp tomcat/trunk/webapps/manager/WEB-INF/jsp/403.jsp Modified: tomcat/trunk/webapps/manager/WEB-INF/jsp/401.jsp URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/WEB-INF/jsp/401.jsp?rev=1853696&r1=1853695&r2=1853696&view=diff ============================================================================== --- tomcat/trunk/webapps/manager/WEB-INF/jsp/401.jsp (original) +++ tomcat/trunk/webapps/manager/WEB-INF/jsp/401.jsp Sat Feb 16 09:50:24 2019 @@ -73,7 +73,7 @@ </ul> <p> For more information - please see the - <a href="/docs/manager-howto.html">Manager App How-To</a>. + <a href="/docs/manager-howto.html" rel="noopener noreferrer">Manager App How-To</a>. </p> </body> Modified: tomcat/trunk/webapps/manager/WEB-INF/jsp/403.jsp URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/WEB-INF/jsp/403.jsp?rev=1853696&r1=1853695&r2=1853696&view=diff ============================================================================== --- tomcat/trunk/webapps/manager/WEB-INF/jsp/403.jsp (original) +++ tomcat/trunk/webapps/manager/WEB-INF/jsp/403.jsp Sat Feb 16 09:50:24 2019 @@ -93,7 +93,7 @@ </ul> <p> For more information - please see the - <a href="/docs/manager-howto.html">Manager App How-To</a>. + <a href="/docs/manager-howto.html" rel="noopener noreferrer">Manager App How-To</a>. </p> </body> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org