Ahh good spot, thanks for the quick fix!
Currently the referrer header is sent along with all external requests occurring from DMT. This means if the user is visiting an external link (like e.g the Telegram group links) the Dojo server address gets sent in the referer
HTTP header to Telegram's server. This is worse if the server is served via a Tor hidden service which the user would assume no one they haven't shared the address with has any knowledge of it.
This change just adds <meta name="referrer" content="no-referrer" />
to the head of the document which will ensure referrer headers are not added to any requests made from DMT.
Luke Childs (d8d30643) at 11 Jun 09:49
Disable referrer header to prevent leaking Dojo address to third pa...