From 4d401224de0eeeffcf3295c485a98f3afd7307a1 Mon Sep 17 00:00:00 2001
From: Stian Thorgersen
Date: Fri, 10 Oct 2014 10:15:23 +0200
Subject: [PATCH] KEYCLOAK-746 Allow linking to account from external provider
---
 .../org/keycloak/services/resources/AccountService.java | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index 3b3e3cfd80..5ba6cae103 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -70,6 +70,7 @@ import org.keycloak.util.UriUtils;
 import javax.ws.rs.Consumes;
 import javax.ws.rs.GET;
+import javax.ws.rs.HttpMethod;
 import javax.ws.rs.OPTIONS;
 import javax.ws.rs.POST;
 import javax.ws.rs.Path;
@@ -181,9 +182,11 @@ public class AccountService {
 throw new ForbiddenException();
 }
- String referrer = headers.getRequestHeaders().getFirst("Referer");
- if (referrer != null && !requestOrigin.equals(UriUtils.getOrigin(referrer))) {
- throw new ForbiddenException();
+ if (!request.getHttpMethod().equals("GET")) {
+ String referrer = headers.getRequestHeaders().getFirst("Referer");
+ if (referrer != null && !requestOrigin.equals(UriUtils.getOrigin(referrer))) {
+ throw new ForbiddenException();
+ }
 }
 }
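Review bot: Exempting GET from the Referer origin check in the second hunk is only safe while every GET handler in this resource is free of side effects, and the hunk does not show whether that holds. The guard should carry a comment stating the assumption, for example `// Referer is enforced only for state-changing methods; GET handlers must not modify account state`. The guard also compares against the literal `"GET"` although the first hunk imports `javax.ws.rs.HttpMethod`, which is otherwise unused in the visible lines; `if (!HttpMethod.GET.equals(request.getHttpMethod())) {` uses the constant and tolerates a null method. On non-GET requests a missing Referer header still passes (`referrer != null`), so this check is best-effort and state-changing endpoints need their own CSRF token validation. The enclosing method starts and ends outside the hunk.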