Comment 14 for bug 560246

While we should revisit this in the near term (checking Referer places undesirable restrictions on user agents), this is not significant for security. Forging a Referer header on a POST requires a browser or plugin bug, at which point you are in trouble anyway.