Stop using referrers to redirect users after login
In SessionsController we currently use redirect_to referrer to send people back to the page they originally intended to visit and had to log in for.
Instead of using the referrer, we should have a hidden field in the login form that holds the same information. That way we can have a strict referrer policy, and people who disabled referrers in their browser settings can also benefit from the redirect.
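
A hidden field is client-controlled, so the value posted back has to be checked before it is used as a redirect target. The following is an added example, not code from this project: the helper name `safe_return_path` and the field name `return_to` are hypothetical, and it assumes only same-site paths should ever be accepted.

```ruby
require "uri"

# Hypothetical helper (not the project's code): choose the post-login
# redirect target from the value submitted in a hidden form field.
# Only same-site absolute paths are accepted; anything else yields the fallback.
#
# Assumed usage in the login form and controller (names are illustrative):
#   hidden_field_tag :return_to, request.fullpath
#   redirect_to safe_return_path(params[:return_to])
def safe_return_path(candidate, fallback = "/")
  return fallback unless candidate.is_a?(String) && candidate.valid_encoding?

  # Control characters and backslashes are rejected because browsers may
  # normalise them into something that parses as a different URL.
  return fallback if candidate.empty? || candidate.match?(/[\x00-\x1f\x7f\\]/)

  # Must be an absolute path on this site, not protocol-relative ("//host").
  return fallback unless candidate.start_with?("/") && !candidate.start_with?("//")

  uri = URI.parse(candidate)
  # Defence in depth: a path-only value has no scheme, host or userinfo.
  return fallback if uri.scheme || uri.host || uri.userinfo

  # Rebuild from parsed components; the fragment is intentionally dropped.
  path = uri.path
  path += "?#{uri.query}" if uri.query
  path
rescue URI::InvalidURIError
  fallback
end
```
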