From 93b8c47c8fa1aac86d2d9c730c327c076b578a84 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Tue, 16 Mar 2021 11:06:18 +0000
Subject: [PATCH] Reject referers that do not include an absolute path
---
 app/controllers/application_controller.rb | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index c3eb1ad85..d571535d3 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -393,6 +393,8 @@ class ApplicationController < ActionController::Base
 referer = nil
 end
 
+ referer = nil if referer&.path&.first != "/"
+
 referer.to_s
 end
 end
--
2.39.5
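Review bot: The added guard `referer&.path&.first != "/"` looks only at the first character of the path, so a path that begins with `//` still passes and is returned by `referer.to_s`; a browser following that value as a redirect target would treat it as scheme-relative rather than as a path on this site. Whether such a path can reach this line depends on the parsing earlier in the method, which starts above the hunk, so this is worth confirming with a test case. If it can, tighten the check to `referer = nil unless referer&.path&.start_with?("/") && !referer.path.start_with?("//")`. A one-line comment such as `# only same-site absolute paths are safe to redirect to` would also record why the guard exists.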