public static boolean checkReferer()

in src/main/java/org/apache/sling/auth/core/AuthUtil.java [736:754]


    /**
     * Decides whether a request may be treated as a submission of the given login
     * form, judged by its HTTP {@code Referer} header.
     * <p>
     * Only {@code POST} requests that carry a {@code Referer} header are inspected:
     * the header is parsed as a URL and its path compared with
     * {@code request.getContextPath() + loginForm}. A mismatch yields {@code false}
     * so that another handler may take the request. Every other case yields
     * {@code true}: a non-POST request, a missing header, and a header that cannot be
     * parsed as a URL (logged at debug level). Because absent or unparseable referers
     * are accepted, this is a handler-selection check rather than an origin check.
     * The comparison is an exact, case-sensitive match of the undecoded URL path
     * (query string excluded).
     *
     * @param request the current request
     * @param loginForm path of the login form, relative to the context path
     * @return {@code false} only for a POST whose parseable Referer path differs from
     *         the expected login form path; {@code true} otherwise
     */
    public static boolean checkReferer(javax.servlet.http.HttpServletRequest request, String loginForm) {
        // SLING-2165: only a POST carrying a Referer header is subject to the path comparison
        if (!"POST".equals(request.getMethod())) {
            return true;
        }
        final String referer = request.getHeader("Referer");
        if (referer == null) {
            return true;
        }
        final String expectedPath = request.getContextPath() + loginForm;
        try {
            final String refererPath = new URL(referer).getPath();
            // a different path means the form was not this handler's; let the next one decide
            return expectedPath.equals(refererPath);
        } catch (MalformedURLException e) {
            // an unparseable referer is tolerated rather than rejected
            getLog().debug("Failed to parse the referer value for the login form " + loginForm, e);
            return true;
        }
    }