From 983a102bd028bf7a6335b6674059eb004d4171f3 Mon Sep 17 00:00:00 2001
From: Patricio Cano <suprnova32@gmail.com>
Date: Tue, 8 Sep 2015 12:28:28 -0500
Subject: [PATCH] Added meta tag for referrer, so that only the origin is sent
 to third party sites, instead of the entire URL, thus avoiding the leak of
 sensitive information like password reset tokens.

---
 app/views/layouts/_head.html.haml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/app/views/layouts/_head.html.haml b/app/views/layouts/_head.html.haml
index 397649dacf8..c3b137e3ddf 100644
--- a/app/views/layouts/_head.html.haml
+++ b/app/views/layouts/_head.html.haml
@@ -3,6 +3,7 @@
   %meta{charset: "utf-8"}
   %meta{'http-equiv' => 'X-UA-Compatible', content: 'IE=edge'}
   %meta{content: "GitLab Community Edition", name: "description"}
+  %meta{name: 'referrer', content: 'origin'}
 
   %title= page_title
 
-- 
GitLab