9f10fb2 Require an HTTP Referer header in the server. Send one in ipa tools.

Authored and Committed by rcritten 12 years ago
    Require an HTTP Referer header in the server. Send one in ipa tools.
    
    This is to prevent a Cross-Site Request Forgery (CSRF) attack where
    a rogue server tricks a user who was logged into the FreeIPA
    management interface into visiting a specially-crafted URL where
    the attacker could perform FreeIPA configuration changes with the
    privileges of the logged-in user.
    
    https://bugzilla.redhat.com/show_bug.cgi?id=747710
    
        
file modified
+37 -4
file modified
+17 -0
file modified
+3 -0
file modified
+6 -1