From: Tom Hughes <tom@compton.nu>
Date: Tue, 16 Mar 2021 11:06:18 +0000 (+0000)
Subject: Reject referers that do not include an absolute path
X-Git-Tag: live~2559
X-Git-Url: https://git.openstreetmap.org./rails.git/commitdiff_plain/93b8c47c8fa1aac86d2d9c730c327c076b578a84?ds=sidebyside

Reject referers that do not include an absolute path
---

diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c3eb1ad85..d571535d3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -393,6 +393,8 @@ class ApplicationController < ActionController::Base
       referer = nil
     end
 
+    referer = nil if referer&.path&.first != "/"
+
     referer.to_s
   end
 end