Use the CheckAllowRefererMiddleware

 






 

 


  Review Request #9194
  —
  Created Sept. 14, 2017 and updated  — Latest diff uploaded 

 


















 

  

   Information

  





 
 

  brennie
 









 
 

  Review Board
 









 
 

  release-2.0.x
 









 
 

  
 









 
 

  9167
 









 
 

  ac3ee23...
 






 




 

  

   Reviewers

  





 
 

  reviewboard
 









 
 

  
 






 








 





  


 
 

  
The new CheckAllowRefererMiddleware from Djblets requires that sessions

created via the log in form are limited to having the Referer header in

future requests set to a whitelisted host.

 








  


 
 

  
See https://reviews.reviewboard.org/r/9167/