Added meta tag for referrer, so that only the origin is sent to third party sites, instead of the entire URL, thus avoiding the leak of sensitive information like password reset tokens.

2015-09-08 12:28:28 -05:00 · 2015-09-08 12:28:28 -05:00 · 983a102bd0
commit 983a102bd0
parent 86556a079e
1 changed files with 1 additions and 0 deletions
--- a/app/views/layouts/_head.html.haml
+++ b/app/views/layouts/_head.html.haml
@ -3,6 +3,7 @@
  %meta{charset: "utf-8"}
  %meta{'http-equiv' => 'X-UA-Compatible', content: 'IE=edge'}
  %meta{content: "GitLab Community Edition", name: "description"}
+  %meta{name: 'referrer', content: 'origin'}

  %title= page_title