diff --git a/services/src/main/java/org/keycloak/services/resources/AccountService.java b/services/src/main/java/org/keycloak/services/resources/AccountService.java
index 3b3e3cf..5ba6cae 100755
--- a/services/src/main/java/org/keycloak/services/resources/AccountService.java
+++ b/services/src/main/java/org/keycloak/services/resources/AccountService.java
@@ -70,6 +70,7 @@ import org.keycloak.util.UriUtils;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
+import javax.ws.rs.HttpMethod;
import javax.ws.rs.OPTIONS;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
@@ -181,9 +182,11 @@ public class AccountService {
throw new ForbiddenException();
}
- String referrer = headers.getRequestHeaders().getFirst("Referer");
- if (referrer != null && !requestOrigin.equals(UriUtils.getOrigin(referrer))) {
- throw new ForbiddenException();
+ if (!request.getHttpMethod().equals("GET")) {
+ String referrer = headers.getRequestHeaders().getFirst("Referer");
+ if (referrer != null && !requestOrigin.equals(UriUtils.getOrigin(referrer))) {
+ throw new ForbiddenException();
+ }
}
}
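Review bot: The new guard `if (!request.getHttpMethod().equals("GET"))` exempts every GET from the Referer origin check, so the cross-site protection here now depends on no GET handler of this resource changing state. That assumption should be recorded above the guard, e.g. `// GET is exempt from the Referer check; GET handlers on this resource must stay read-only`. The comparison uses a string literal while the first hunk adds `import javax.ws.rs.HttpMethod;`, which looks unused in the visible lines; `if (!HttpMethod.GET.equals(request.getHttpMethod())) {` would use the import and would not throw on a null method. Inside the guard a request with no Referer header still passes (`referrer != null && ...`), so such requests appear to rely solely on the check that ends just above. The enclosing method starts and ends outside the hunk.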