Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
Security 1.1.2
-
None
Description
For some cases it would be desirable to skip the referrer check altogether for certain resource paths, instead of simply setting "Allow Empty Referrer", thus weakening the security overall instead of only for a well known set of paths for which it would be desirable.
For this reason i'd like to propose adding a path whitelist to the referrer filter configuration. Patch attached.