[ https://issues.apache.org/jira/browse/SLING-2141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13065985#comment-13065985 ]
Tobias Bocanegra commented on SLING-2141: ----------------------------------------- the localhost check should also include IPv6 address: if ( "localhost".equals(host) || "127.0.0.1".equals(host) ) > Add a way to check the referrer for modification requests > --------------------------------------------------------- > > Key: SLING-2141 > URL: https://issues.apache.org/jira/browse/SLING-2141 > Project: Sling > Issue Type: New Feature > Components: Extensions > Reporter: Carsten Ziegeler > Assignee: Carsten Ziegeler > Fix For: Security 1.0.0 > > > To prevent CSRF we could add an additional module which checks the referrer > (referer header) in combination with a configurable whitelist. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira