@bitquark reported a low-risk open redirect on GitHub.com. Rails code such as redirect_to :back could be exploited to redirect a user to an arbitrary location if they were first forwarded to GitHub via a malicious site. We addressed the behavior by limiting the locations passed via Referer headers that we allow to be used for redirection.
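
One way to limit Referer-derived redirect targets, as an added example and not GitHub's own code. The helper name safe_back_location, the host allowlist and the fallback path are assumptions made for illustration; the page does not say which locations GitHub permits.

```ruby
require "uri"

# Hypothetical values: the page does not list the locations GitHub allows.
ALLOWED_REFERER_HOSTS = ["github.com"].freeze
FALLBACK_PATH = "/"

# Returns a same-site path that is safe to redirect to, or the fallback when
# the Referer is missing, malformed, or points outside the allowlist.
def safe_back_location(referer, allowed_hosts: ALLOWED_REFERER_HOSTS, fallback: FALLBACK_PATH)
  return fallback if referer.nil? || referer.strip.empty?

  begin
    uri = URI.parse(referer.strip)
  rescue URI::InvalidURIError
    return fallback
  end

  # Accept only absolute http(s) URLs (URI::HTTPS is a subclass of URI::HTTP).
  return fallback unless uri.is_a?(URI::HTTP)
  # Reject embedded credentials such as https://github.com@other.example/.
  return fallback if uri.userinfo
  # Exact host match, so github.com.other.example does not pass.
  return fallback unless allowed_hosts.include?(uri.host.to_s.downcase)

  # Rebuild the target from path and query only: scheme, host and port are
  # never taken from the header.
  path = uri.path.to_s
  path = "/" if path.empty?
  # A path starting with "//" would be read as a protocol-relative URL.
  return fallback if path.start_with?("//") || !path.start_with?("/")

  uri.query ? "#{path}?#{uri.query}" : path
end

# In a Rails controller this would replace redirect_to :back, for example:
#   redirect_to safe_back_location(request.referer)
```
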