Please drop the necessity of HTTP referer
Surely, the referer might help to hamper "Cross-site request forgery". But aren't there other strong methods to prevent this kind of attack? I'm really not an expert on Internet security, but I know that the HTTP referer itself is a great privacy leak and all web sites (including home banking, eBay, paypal etc.) except for Lauchpad work without transferred HTTP referers. It is rather enervating to disable and enable (on Opera) the referer only for the Launchpad which is a very nice bulletin board, indeed, but just a bulletin board and not a financial transaction tool.
Can you help with this problem?
Provide an answer of your own, or ask Martina Theuerjahr for more information if necessary.