in src/main/java/org/apache/sling/security/impl/ReferrerFilter.java [188:221]
private Set<String> getDefaultAllowedReferrers() {
final Set<String> referrers = new HashSet<>();
try {
final Enumeration<NetworkInterface> ifaces = NetworkInterface.getNetworkInterfaces();
while (ifaces.hasMoreElements()) {
final NetworkInterface iface = ifaces.nextElement();
logger.info("Adding Allowed referers for Interface: {}", iface.getDisplayName());
final Enumeration<InetAddress> ias = iface.getInetAddresses();
while (ias.hasMoreElements()) {
final InetAddress ia = ias.nextElement();
final String address = ia.getHostAddress().trim().toLowerCase();
if (ia instanceof Inet4Address) {
referrers.add("http://" + address + ":0");
referrers.add("https://" + address + ":0");
}
if (ia instanceof Inet6Address) {
referrers.add("http://[" + address + "]" + ":0");
referrers.add("https://[" + address + "]" + ":0");
}
}
}
} catch (final SocketException se) {
logger.error("Unable to detect network interfaces", se);
}
referrers.add("http://localhost" + ":0");
referrers.add("http://127.0.0.1" + ":0");
referrers.add("http://[::1]" + ":0");
referrers.add("https://localhost" + ":0");
referrers.add("https://127.0.0.1" + ":0");
referrers.add("https://[::1]" + ":0");
return referrers;
}