Comment 2 for bug 1858701

Steps to test:
pre-patch, type a search into the splash page search box and look at the browser console for the egEmbedFrameLoader log line where it shows the URL loaded in the iframe. It will look like /eg/opac//results?q=... Click Next a few times and watch the URL grow. Using the retrieve bib by id function can also cause this (/eg/opac//record/<id>), but since there are no next or prev buttons for a single record retrieval this is unlikely to ever result in a 403.

post-patch, perform the same steps as above and note that the url looks normal: /eg/opac/results?q... and you can click next and previous until your hand cramps up and not get a 403.