diff --git a/resources/tokenisation/minter/token_gen.lua b/resources/tokenisation/minter/token_gen.lua
--- a/resources/tokenisation/minter/token_gen.lua
+++ b/resources/tokenisation/minter/token_gen.lua
#
@@ -27,7 +27,7 @@ local excluded_ips = {"127.0.0.1"}
#
local permitted_referrers = {"*.bentasker.co.uk"}
#
-local blacklisted_ips = {'127.0.1.1'}
#
+local blacklisted_ips = {'127.0.2.1'}
#
@@ -106,8 +106,36 @@ local function check_referrer(referrer,httpref,permitted)
#
+ -- Next, check whether the domain exists in permitted_referrers
#
+ for key,allowed in pairs(permitted_referrers)
#
+ print("Test " .. allowed)
#
+ -- Check whether the whitelist uses a wild card
#
+ first = string.sub(allowed, 1, 1)
#
+ -- remove the first label from the referring domain, and then do a comparison
#
+ splitd = strSplit(".",refdomain)
#
+ print("Checking against " .. table.concat(splitd,"."))
#
+ if table.concat(splitd,".") == allowed
#
+ -- print("Matched wildcard")
#
+ -- Otherwise, we just need to check for a direct match
#
+ if refdomain == allowed
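Review bot: The new loop iterates the module-level `permitted_referrers` instead of the `permitted` argument that `check_referrer(referrer,httpref,permitted)` receives, so a caller passing a different allow-list would silently be checked against the global one; `for key,allowed in pairs(permitted)` would honour the parameter. `first` and `splitd` are assigned without `local`, which makes them globals that can carry over between requests if the Lua state is reused; `local first = string.sub(allowed, 1, 1)` and `local splitd = strSplit(".",refdomain)` avoid that. The `print("Test " .. allowed)` and `print("Checking against " .. table.concat(splitd,"."))` lines emit the allow-list and the client-supplied referrer domain, and should be removed or put behind a debug switch before this check gates token minting. Only part of the hunk is visible here (the `do`/`then`/`end` lines and the body of the wildcard branch are not shown), so the wildcard comparison itself could not be checked.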
#
@@ -147,7 +175,7 @@ then
#
-if check_referrer(referer,httpref,permitted_referrers) ~= True
#
+if check_referrer(referer,httpref,permitted_referrers) ~= true
#
sendFailed("Referred from unauthorised source")