in src/main/java/org/apache/sling/security/impl/ReferrerFilter.java [328:346]
public void doFilter(final ServletRequest req,
final ServletResponse res,
final FilterChain chain)
throws IOException, ServletException {
if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
final HttpServletRequest request = (HttpServletRequest) req;
// is this a modification request from a browser
if (this.isBrowserRequest(request) && this.isModification(request)) {
if (!this.isValidRequest(request)) {
final HttpServletResponse response = (HttpServletResponse) res;
// we use 403
response.sendError(403);
return;
}
}
}
chain.doFilter(req, res);
}