diff --git a/resources/tokenisation/minter/token_gen.lua b/resources/tokenisation/minter/token_gen.lua
--- a/resources/tokenisation/minter/token_gen.lua
+++ b/resources/tokenisation/minter/token_gen.lua
#
@@ -44,6 +44,20 @@ function table.contains(table, element)
#
+function strSplit(delim,str)
#
+ -- From https://snippets.bentasker.co.uk/page-1705231204-Split-string-on-Delimiter-LUA.html
#
+ for substr in string.gmatch(str, "[^".. delim.. "]*") do
#
+ if substr ~= nil and string.len(substr) > 0 then
#
+ table.insert(t,substr)
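Review bot: `delim` is concatenated into the character class `"[^".. delim.. "]*"` unescaped, so a delimiter containing a pattern-magic character (`%`, `]`, `^`, `-`) changes or breaks the pattern. The callers visible in this commit pass the literal "/", which is safe, but the helper is declared as a global `function strSplit` and can be reached from anywhere. I would declare it `local function strSplit(delim, str)` and build the pattern from `local esc = delim:gsub("%W", "%%%0")`. The `string.len(substr) > 0` test also drops empty fields, so field positions shift when the input has consecutive delimiters; that deserves a one-line comment, because check_referrer indexes the result by position. The initialisation of `t` and the return statement are not visible in the hunk.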
#
local function sendSuccessful(tok,expires,debug)
#
-- response format should be
#
+local function check_referrer(referrer,httpref,permitted)
#
+ local refsplit = strSplit("/",referrer)
#
+ local refdomain = refsplit[2]
#
+ -- First, if a HTTP referrer header has been included in the request (not mandatory)
#
+ -- check the domain matches the one submitted in the query string
#
+ local hsplit = strSplit("/",httpref)
#
+ if hsplit[2] ~= refdomain
#
-- get some details from the request
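Review bot: `refsplit[2]` is the host only when `referrer` is a full `scheme://host/...` URL. Because strSplit discards empty fields, a value without a scheme puts the first path segment at index 2, and a nil `referrer` or `httpref` makes `string.gmatch` raise an error instead of rejecting the request (a guard may exist on lines not shown here). Extract the host explicitly and fail closed, e.g. `local refdomain = type(referrer) == "string" and referrer:lower():match("^https?://([^/:?#]+)")` followed by `if not refdomain then return false end`, and apply the same extraction to `httpref`. Both the query-string value and the Referer header are supplied by the client, so a comment should state that this check limits which pages a browser can request tokens from and is not authentication of the caller. The body of check_referrer continues outside the visible lines.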
#
@@ -112,6 +147,12 @@ then
#
+if check_referrer(referer,httpref,permitted_referrers) ~= True
#
+ sendFailed("Referred from unauthorised source")
#
-- Calculate when the token should expire
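Review bot: `True` on the `check_referrer(...) ~= True` line is not Lua's boolean literal but an undefined global, which evaluates to nil unless this file assigns it somewhere outside the hunk. The comparison is therefore against nil: if check_referrer returns lowercase `true`, every request is refused, and if it returns the same undefined `True`/`False` names, the condition is never met and no request is refused. Test the result directly with `if not check_referrer(referer, httpref, permitted_referrers) then`, and make check_referrer return `true`/`false`. It is also worth confirming that sendFailed ends the request, since the lines after the call are not visible in the hunk.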