Stop using referrers to redirect users after login
SessionsController we currently use
redirect_to referrer to send people back to the page they originally intended to visit and had to login for.
Instead of using the referrer we should have a hidden field in the login form that holds the same information. That way we can have a strict referrer policy and people who disabled referrers in their browser settings also can benefit from the redirect.