From a6596f223175547952816351905c34ccf3e0b84f Mon Sep 17 00:00:00 2001
From: Duncan <duncan@vtllf.org>
Date: Tue, 21 Jul 2015 15:19:56 +1200
Subject: [PATCH] Prevent browsers from leaking referrer headers

---
 templates/base/head.tmpl     | 1 +
 templates/base/head_old.tmpl | 1 +
 templates/ng/base/head.tmpl  | 1 +
 3 files changed, 3 insertions(+)

diff --git a/templates/base/head.tmpl b/templates/base/head.tmpl
index d05775441..8551801d0 100644
--- a/templates/base/head.tmpl
+++ b/templates/base/head.tmpl
@@ -6,6 +6,7 @@
 	<meta name="author" content="Gogs - Go Git Service" />
 	<meta name="description" content="Gogs(Go Git Service) a painless self-hosted Git Service written in Go" />
 	<meta name="keywords" content="go, git, self-hosted, gogs">
+	<meta name="referrer" content="no-referrer" />
 	<meta name="_csrf" content="{{.CsrfToken}}" />
 	{{if .GoGetImport}}
 	<meta name="go-import" content="{{.GoGetImport}} git {{.CloneLink.HTTPS}}">
diff --git a/templates/base/head_old.tmpl b/templates/base/head_old.tmpl
index e04fe2e1a..fc2a86788 100644
--- a/templates/base/head_old.tmpl
+++ b/templates/base/head_old.tmpl
@@ -8,6 +8,7 @@
         <meta name="author" content="Gogs - Go Git Service" />
 		<meta name="description" content="Gogs(Go Git Service) is a GitHub-like clone in the Go Programming Language" />
 		<meta name="keywords" content="go, git">
+		<meta name="referrer" content="no-referrer" />
 		<meta name="_csrf" content="{{.CsrfToken}}" />
 		{{if .GoGetImport}}<meta name="go-import" content="{{.GoGetImport}} git {{.CloneLink.HTTPS}}">{{end}}
 
diff --git a/templates/ng/base/head.tmpl b/templates/ng/base/head.tmpl
index f2a235bd4..6d5001a9c 100644
--- a/templates/ng/base/head.tmpl
+++ b/templates/ng/base/head.tmpl
@@ -6,6 +6,7 @@
         <meta name="author" content="Gogs - Go Git Service" />
 		<meta name="description" content="Gogs(Go Git Service) a painless self-hosted Git Service written in Go" />
 		<meta name="keywords" content="go, git, self-hosted, gogs">
+		<meta name="referrer" content="no-referrer" />
 		<meta name="_csrf" content="{{.CsrfToken}}" />
 		{{if .GoGetImport}}<meta name="go-import" content="{{.GoGetImport}} git {{.CloneLink.HTTPS}}">{{end}}