• 
  
    
 
    
 
    

    



    
    
    
    
     
    






    
 
    


 
    



    
 

 

  

  

 

    


  
    





    
 
    



  

    
 
 
    
  
    Use the CheckAllowRefererMiddleware
    
 
    

    



 
    
 
    

  Review Request #9194
  —
  Created Sept. 14, 2017 and updated  — Latest diff uploaded 

 
    


    




    




    




 
    
  
    
   Information

  
    



    
 
 
    
  brennie
 
    

    





    
 
 
    
  Review Board
 
    

    





    
 
 
    
  release-2.0.x
 
    

    





    
 
 
    
  
 
    

    





    
 
 
    
  9167
 
    

    





    
 
 
    
  ac3ee23...
 
    

    



 
    



 
    
  
    
   Reviewers

  
    



    
 
 
    
  reviewboard
 
    

    





    
 
 
    
  
 
    

    



 
    



    


    
 
    




  

    
 
 
    
  
    The new CheckAllowRefererMiddleware from Djblets requires that sessions
    
created via the log in form are limited to having the Referer header in
    
future requests set to a whitelisted host.
    
 
    

    





  

    
 
 
    
  
    See https://reviews.reviewboard.org/r/9167/