diff --git a/Builder/IISMainHandler/build.txt b/Builder/IISMainHandler/build.txt
index a35fccb..a2d1b86 100644
--- a/Builder/IISMainHandler/build.txt
+++ b/Builder/IISMainHandler/build.txt
@@ -1 +1 @@
-1736
\ No newline at end of file
+1740
\ No newline at end of file
diff --git a/IISMainHandler/handlers/response/UploadHandler.cs b/IISMainHandler/handlers/response/UploadHandler.cs
index 21eb05f..9e43051 100644
--- a/IISMainHandler/handlers/response/UploadHandler.cs
+++ b/IISMainHandler/handlers/response/UploadHandler.cs
@@ -19,6 +19,11 @@ namespace FLocal.IISHandler.handlers.response {
 }
 protected override string getRedirectUrl(WebContext context) {
+ Uri referer = context.httprequest.UrlReferrer;
+ if(referer == null || referer.Host != context.httprequest.Url.Host) {
+ throw new AccessViolationException();
+ }
+
 return Config.instance.UploaderUrl + "Data/" + this.url.upload.hash + "." + this.url.upload.extension;
 }
diff --git a/IISMainHandler/handlers/response/UploadInfoHandler.cs b/IISMainHandler/handlers/response/UploadInfoHandler.cs
index d4ca37e..57d2215 100644
--- a/IISMainHandler/handlers/response/UploadInfoHandler.cs
+++ b/IISMainHandler/handlers/response/UploadInfoHandler.cs
@@ -19,6 +19,9 @@ namespace FLocal.IISHandler.handlers.response {
 }
 protected override IEnumerable getSpecificData(WebContext context) {
+ if(context.session == null) {
+ throw new AccessViolationException();
+ }
 return new XElement[] {
 this.url.upload.exportToXml(context),
 };
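Review bot: The Referer comparison added at the top of getRedirectUrl is hotlink protection rather than access control: the header is supplied by the client, and browsers or proxies that strip it will now fail for legitimate same-site users because `referer == null` throws. The method still returns a URL built only from `Config.instance.UploaderUrl`, the hash and the extension, so if the uploader host serves `Data/` without a check of its own, a client that already holds that URL never passes through this guard. That should be confirmed, or stated in a comment such as `// Referer check only discourages hotlinking; it is not an authorization check`. `AccessViolationException` is the runtime's exception for invalid memory access, so `throw new UnauthorizedAccessException();` (or whatever the project maps to a 403) would describe the failure better, both here and in the same throw added to UploadInfoHandler.getSpecificData.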
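Review bot: The new `context.session == null` guard in getSpecificData has no comment saying what policy it enforces, and it differs from the gate this commit adds to UploadHandler.getRedirectUrl, which checks only the Referer host. If a null session means an anonymous visitor (presumably; not visible in this hunk), upload metadata now requires a login while the redirect to the file itself does not. A comment like `// upload info is visible to logged-in users only` would make the rule explicit, and if the file is meant to be covered by the same rule, the redirect handler needs the same session check.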