@AldenWangExis AldenWangExis commented Nov 13, 2025

Type of change

  • New feature (non-breaking change which adds functionality)

Description

This PR adds referrer policy support to prevent HTTP Referer headers from being sent when loading images. This enhancement is particularly useful for:

  1. Privacy protection: Prevents external image hosts from tracking where images are being displayed
  2. Hotlink protection bypass: Enables displaying images from platforms with referrer-based hotlink protection (e.g., WeChat Official Account images)
  3. Enhanced security: Reduces information leakage to third-party image servers

Changes Made

1. Meta Tag in Head (head.html)

Added <meta name="referrer" content="never"> to the document head for global referrer policy.

2. Image Tag Attributes (refactor-content.html)

Modified the image processing logic to inject referrerpolicy="no-referrer" attribute to all dynamically generated <img> tags in post content.

3. Sidebar Avatar (sidebar.html)

Added referrerpolicy="no-referrer" attribute to the avatar image in the sidebar.

Additional context

Opened #2586

Testing

Tested with:

  • WeChat Official Account images (mmbiz.qpic.cn domain)
  • Various image formats (jpg, png, gif)
  • Both lazy-loaded and LQIP images
  • Avatar images in sidebar
  • Images with different Kramdown attributes (.shadow)

Branch Information

  • Base branch: master (or latest release branch)
  • Feature branch: feat/img-referrerpolicy
  • Commits: 2 commits
    • feat(images): add referrerpolicy attribute for privacy protection
    • feat(privacy): add referrer meta tag to prevent information leakage

Add <meta name="referrer" content="never"> to document head
for enhanced privacy protection and hotlink bypass capability.

This prevents browsers from sending HTTP Referer headers when
loading external resources, particularly useful for:
- Displaying images from platforms with referrer-based hotlink protection
- Reducing information leakage to third-party servers
- Enhancing user privacy

Implements W3C Referrer Policy specification.

Inject referrerpolicy="no-referrer" to image tags in:
- refactor-content.html: post content images
- sidebar.html: avatar image

Prevents Referer header leakage and enables displaying images
from platforms with referrer-based hotlink protection.
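
An added example (not part of this pull request or the theme's code): a Python check that parses built HTML and reports which referrer policy applies to each `<img>`, combining the page-wide meta tag with the per-image attribute described above. The sample markup and `img.example` URLs are constructed; a `Referrer-Policy` response header, which also sets the page policy, is outside what this script sees.

```python
from html.parser import HTMLParser

# Legacy <meta name="referrer"> keywords and the policy each maps to in the
# HTML Standard. "never" is the value used in this PR's head.html change.
LEGACY = {
    "never": "no-referrer",
    "default": "strict-origin-when-cross-origin",
    "always": "unsafe-url",
    "origin-when-crossorigin": "origin-when-cross-origin",
}
# Policy browsers apply when neither the page nor the element sets one.
BROWSER_DEFAULT = "strict-origin-when-cross-origin"


class _Collector(HTMLParser):
    """Records the meta referrer policy and every <img> with its attribute."""

    def __init__(self):
        super().__init__()
        self.meta_policy = ""
        self.images = []  # (src, referrerpolicy attribute value or "")

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "referrer":
            value = a.get("content", "").lower()
            self.meta_policy = LEGACY.get(value, value)
        elif tag == "img":
            self.images.append((a.get("src", ""), a.get("referrerpolicy", "").lower()))


def effective_policies(html):
    """Return {img src: policy applied to that image request}."""
    c = _Collector()
    c.feed(html)
    c.close()
    page_policy = c.meta_policy or BROWSER_DEFAULT
    # A per-element attribute wins; an empty one falls back to the page policy.
    return {src: (attr or page_policy) for src, attr in c.images}


def leaking(html):
    """Image URLs whose request may still carry a Referer header."""
    return [s for s, p in effective_policies(html).items() if p != "no-referrer"]


# Constructed samples: one page with the meta tag, one fragment without it.
IMGS = ('<img src="https://img.example/a.png">'
        '<img src="https://img.example/b.png" referrerpolicy="no-referrer">')
WITH_META = '<head><meta name="referrer" content="never"></head><body>' + IMGS + '</body>'
WITHOUT_META = '<body>' + IMGS + '</body>'
```

Run against the generated site output, `leaking()` lists images that rely on neither the meta tag nor the attribute, which is the case the per-image attribute covers when content is rendered outside the theme's own head.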