Comment 1 for bug 529348

I agree that closing this security hole is more important than supporting users who strip Referer.

Handling the user complaints may be painful. Maybe we'll already encounter the pain with login.ubuntu.com, as you say.

Looks like all we'd have to do is drop the two lines ``if not referrer: return``.

Thanks

Gary