While we should revisit this in the near term (checking Referer places undesirable restrictions on user agents), this is not significant for security. Forging a Referer header on a POST requires a browser or plugin bug, at which point you are in trouble anyway.
While we should revisit this in the near term (checking Referer places undesirable restrictions on user agents), this is not significant for security. Forging a Referer header on a POST requires a browser or plugin bug, at which point you are in trouble anyway.