Reject referers that do not include an absolute path

author Tom Hughes <tom@compton.nu>

Tue, 16 Mar 2021 11:06:18 +0000 (11:06 +0000)

committer Tom Hughes <tom@compton.nu>

Tue, 16 Mar 2021 11:07:34 +0000 (11:07 +0000)
author Tom Hughes <tom@compton.nu>
Tue, 16 Mar 2021 11:06:18 +0000 (11:06 +0000)
committer Tom Hughes <tom@compton.nu>
Tue, 16 Mar 2021 11:07:34 +0000 (11:07 +0000)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb

index c3eb1ad85969ad8a3fce2d25c60e35045000c55a..d571535d356ef4db7646df3b618c816b2b6f4574 100644 (file)
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -393,6 +393,8 @@ class ApplicationController < ActionController::Base
        referer = nil
      end
  
+    referer = nil if referer&.path&.first != "/"
+
      referer.to_s
    end
  end
author	Tom Hughes <tom@compton.nu>
	Tue, 16 Mar 2021 11:06:18 +0000 (11:06 +0000)
committer	Tom Hughes <tom@compton.nu>
	Tue, 16 Mar 2021 11:07:34 +0000 (11:07 +0000)