Until someone contributes a patch to do CSRF differently. LP is entirely standards compliant in the current implementation - http://tools.ietf.org/html/rfc7231#section-5.5.2 - using referrer within a site to prevent user agents being tricked into harmful actions cross-site is perfectly legitimate.
Until someone contributes a patch to do CSRF differently. LP is entirely standards compliant in the current implementation - http:// tools.ietf. org/html/ rfc7231# section- 5.5.2 - using referrer within a site to prevent user agents being tricked into harmful actions cross-site is perfectly legitimate.