[fix] Add noopener,noreferrer options to window.open #822
Added the noopener,noreferrer options for security and privacy protection when opening the external link (patch notes).
- noopener: prevents the new window from accessing window.opener
- noreferrer: does not send the HTTP Referer header
| Cohort / File(s) | Change Summary |
|---|---|
| Security feature added: frontend/src/hooks/Header/useHeaderNavigation.ts | Added the 'noopener,noreferrer' features string to the window.open() call in handlePatchNoteClick |
Estimated code review effort
🎯 1 (Trivial) | ⏱️ ~3 minutes
Pre-merge checks and finishing touches
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title clearly describes the main change: adding 'noopener,noreferrer' options to window.open, which matches the core modification in the changeset. |
| Linked Issues check | ✅ Passed | The code change implements the MOA-311 requirement by adding 'noopener,noreferrer' features to window.open in handlePatchNoteClick, fulfilling the checklist item to add rel attributes when opening new tabs. |
| Out of Scope Changes check | ✅ Passed | The modification is limited to adding security features to a single window.open call, which is directly aligned with the linked issue MOA-311 and contains no unrelated changes. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
fix/#821-add-rel-noopener-noreferer-MOA-311
Actionable comments posted: 0
🧹 Nitpick comments (1)
frontend/src/hooks/Header/useHeaderNavigation.ts (1)
30-37: The security improvement has been applied correctly!
Adding the 'noopener,noreferrer' option to window.open, a security improvement that prevents reverse tabnabbing attacks, has been implemented appropriately. The spelling is also correct (noreferrer has 3 r's).
Optional improvement:
Following the coding guidelines, consider extracting the magic string into a named constant.
Define the constant at the top of the file:
+const EXTERNAL_LINK_FEATURES = 'noopener,noreferrer'; + const useHeaderNavigation = () => {
And use that constant:
const handlePatchNoteClick = useCallback(() => { window.open( 'https://honorable-cough-8f9.notion.site/1e8aad232096804f9ea9ee4f5cf0cd10', '_blank', - 'noopener,noreferrer', + EXTERNAL_LINK_FEATURES, );
This way, the same security options can be reused in other window.open calls in the future, and consistency becomes easier to maintain.
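Review bot: the `EXTERNAL_LINK_FEATURES` constant added above `useHeaderNavigation` is declared without `export`, so `window.open` calls in other files cannot reuse it, which is the reuse this suggestion is aiming for. Consider exporting it from a shared constants module, or wrapping the call in a small helper that always passes the features string, so new call sites cannot omit it.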
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (1)
frontend/src/hooks/Header/useHeaderNavigation.ts(1 hunks)
🧰 Additional context used
📓 Path-based instructions (1)
frontend/**/*.{ts,tsx}
📄 CodeRabbit inference engine (frontend/.cursorrules)
frontend/**/*.{ts,tsx}: Replace magic numbers with named constants for clarity.
Replace complex or nested ternary operators with if/else statements or IIFEs for readability.
Assign complex boolean conditions to named variables.
Use consistent return types for similar functions and hooks.
Avoid hidden side effects; functions should only perform actions implied by their signature (Single Responsibility Principle).
Use unique, descriptive names for custom wrappers and functions to avoid ambiguity.
Define constants near related logic or ensure names link them clearly.
Files:
frontend/src/hooks/Header/useHeaderNavigation.ts
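#️⃣ Related issue
📝 Work done
Summary of noreferrer and noopener
I wrote up the problems that arise when window.open is used to open a new tab, especially with _blank.
Areas I would like reviewed in particular (optional)
Points I would like to discuss (optional)
🫡 Notes
Summary by CodeRabbit
Release notes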
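The PR description explains what `noopener` and `noreferrer` do for a single `window.open` call. As an added example (not code from this PR or the project), the TypeScript below goes one step further and scans source text for every `window.open` call that can create a new browsing context without those tokens. The sample source, the placeholder URL and the names `splitArgs`, `literal` and `findUnsafeOpens` are assumptions made for the example.

```typescript
type Finding = { line: number; missing: string[] };
const SAMPLE = [ // constructed sample source, not the project's file
  "window.open('https://example.com/notes', '_blank');",
  "window.open(\n  'https://example.com/notes',\n  '_blank',\n  'noopener,noreferrer',\n);",
  "window.open(url, '_blank', 'noopener');",
  "window.open(build(a, b), '_blank', EXTERNAL_LINK_FEATURES);",
  "window.open('/help', '_self');",
].join('\n');
// Split the text after "window.open(" into top-level arguments (brackets and quotes respected).
function splitArgs(src: string, start: number): string[] {
  const args: string[] = [];
  let depth = 0, quote = '', cur = '';
  for (let i = start; i < src.length; i++) {
    const c = src.charAt(i);
    if (quote) {
      cur += c === '\\' ? c + src.charAt(++i) : c; // keep escaped characters together
      if (c === quote) quote = '';
      continue;
    }
    if (c === ')' && depth === 0) break;
    if (c === ',' && depth === 0) { args.push(cur.trim()); cur = ''; continue; }
    if (c === '"' || c === "'" || c === '`') quote = c;
    else if ('([{'.indexOf(c) >= 0) depth++;
    else if (')]}'.indexOf(c) >= 0) depth--;
    cur += c;
  }
  if (cur.trim()) args.push(cur.trim());
  return args;
}
// Value of a plain string literal, or undefined for any other expression.
const literal = (arg = ''): string | undefined => (/^(['"`])([^'"`$\\]*)\1$/.exec(arg) || [])[2];
// Report calls lacking noopener/noreferrer; `consts` resolves named feature constants.
function findUnsafeOpens(src: string, consts: Record<string, string> = {}): Finding[] {
  const findings: Finding[] = [];
  const call = /\bwindow\.open\s*\(/g;
  for (let m = call.exec(src); m; m = call.exec(src)) {
    const args = splitArgs(src, call.lastIndex);
    const target = literal(args[1]); // an omitted target defaults to _blank
    if (target === '_self' || target === '_parent' || target === '_top') continue;
    // Feature expressions that cannot be resolved count as empty (conservative).
    const raw = literal(args[2]) ?? consts[args[2] ?? ''] ?? '';
    const tokens = raw.toLowerCase().split(/[\s,]+/).map(t => t.split('=')[0]);
    // Per the HTML standard, noreferrer implies noopener.
    const missing = ['noopener', 'noreferrer'].filter(
      k => tokens.indexOf(k) < 0 && tokens.indexOf('noreferrer') < 0);
    if (missing.length) findings.push({ line: src.slice(0, m.index).split('\n').length, missing });
  }
  return findings;
}
```

Because the scan is text-based, calls that appear inside comments or strings are also reported, and feature values such as `noopener=0` are not interpreted.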