From 4ab799675c6760391dd54f99d31c9f42aeb0d391 Mon Sep 17 00:00:00 2001
From: inga-lovinde <52715130+inga-lovinde@users.noreply.github.com>
Date: Fri, 18 Jun 2010 21:55:36 +0000
Subject: [PATCH] Referer check added to RequestControllers
---
 IISMainHandler/handlers/request/AbstractPostHandler.cs | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/IISMainHandler/handlers/request/AbstractPostHandler.cs b/IISMainHandler/handlers/request/AbstractPostHandler.cs
index 6071dd3..6e3d6dc 100644
--- a/IISMainHandler/handlers/request/AbstractPostHandler.cs
+++ b/IISMainHandler/handlers/request/AbstractPostHandler.cs
@@ -38,6 +38,12 @@ namespace FLocal.IISHandler.handlers.request {
 }
 public void Handle(WebContext context) {
+
+ Uri referer = context.httprequest.UrlReferrer;
+ if(referer == null || referer.Host != context.httprequest.Url.Host) {
+ throw new System.Web.HttpException(403, "Wrong referer");
+ }
+
 if(this.shouldBeGuest && context.session != null) throw new FLocalException("Should be guest");
 if(this.shouldBeLoggedIn && context.session == null) throw new FLocalException("Should be anonymous");
 context.httpresponse.Write(context.Transform(this.templateName, this.getData(context)));
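Review bot: The added guard at the top of `Handle` compares only `referer.Host` with `context.httprequest.Url.Host`, so a Referer with a different scheme or port on the same hostname still passes. Comparing the whole origin is tighter, e.g. `if(referer == null || referer.GetLeftPart(UriPartial.Authority) != context.httprequest.Url.GetLeftPart(UriPartial.Authority)) {`, provided `Url` reflects the public scheme and port (worth confirming if the site sits behind a proxy). A same-host Referer check also accepts every request that originates from a page on this host, so if the site renders user-supplied markup or links, a per-session anti-CSRF token validated here would be the stronger control, with the Referer check kept as defence in depth. A short comment such as `// CSRF guard: reject requests that did not originate from this site` would document the intent, and logging the rejections would make both blocked cross-site attempts and false positives (clients that strip the Referer header) visible. `Handle` continues past the end of the hunk, so whether the HTTP method is restricted to POST cannot be seen here.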