Use the CheckAllowRefererMiddleware

Review Request #9194 — Created Sept. 14, 2017 and updated — Latest diff uploaded

Information

Review Board
release-2.0.x
ac3ee23...

Reviewers

The new CheckAllowRefererMiddleware from Djblets requires that sessions
created via the log in form are limited to having the Referer header in
future requests set to a whitelisted host.

See https://reviews.reviewboard.org/r/9167/