Ansible Automation Platform RFEs
AAPRFE-1540

Validate "Referer" Header and Implement One-Time-Nonce for Improved Security in Ansible Automation Platform


    • Type: Feature Request
    • Resolution: Unresolved
    • Priority: Normal
    • 2.5
    • controller, hub

      1. What is the nature and description of the request?
        The customer requests a security enhancement in the Ansible Automation Platform to validate the value of the "Referer" HTTP header on incoming requests and to issue a one-time nonce for each form submission. Both controls are cross-site request forgery (CSRF) defenses: they stop the platform from accepting a request that a legitimate, authenticated user's browser was tricked into sending from another site. Without them, an attacker can act on that user's behalf, effectively impersonating the user and performing unauthorized actions with the user's existing session and cookies.
      2. Why does the customer need this? (List the business requirements here)
      • The current implementation potentially exposes customer sessions and cookies to security risks, such as theft or manipulation, allowing an attacker to impersonate legitimate users.
      • A security breach could result in attackers gaining access to sensitive user data, altering records, or performing unauthorized transactions.
      3. How would you like to achieve this? (List the functional requirements here)

      Referer Header Validation:

        • Implement a feature to validate the value of the "Referer" header for incoming requests to ensure the request originates from a trusted source. The comparison should be made against the full origin (scheme, host and port) of the platform's configured URL rather than a substring or prefix match, and the check must define behaviour when the header is absent (some browsers, privacy settings and proxies strip it), failing closed for state-changing requests.

      One-Time-Nonce for Form Submissions:

        • Introduce a one-time nonce for each form submission to ensure that form submissions are unique and tied to a single session, preventing replay attacks or unauthorized form submission. The nonce should be generated from a cryptographically secure random source, bound to the issuing session and form, invalidated on first use, and expire after a bounded time.
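The two functional requirements above, worked through as an added example. This is illustrative code written for this RFE, not code from Ansible Automation Platform, AWX or Galaxy; it uses only the Python standard library so it runs offline. The trusted origin `https://aap.example.com`, the session and form identifiers, and the `handle_form_submission` entry point are assumed, constructed names, and the nonce store is in-memory (a real deployment would keep the same records in the session backend or a shared cache). It also covers the edge cases the bullets call out: a missing or `null` Origin/Referer is rejected, look-alike hosts such as `aap.example.com.evil.test` fail because whole origins are compared, a replayed nonce is refused, a nonce issued to one session is refused from another, and nonces expire.

```python
"""Referer/Origin allow-list check plus single-use, session-bound form nonces.

Added example (stdlib only), not AAP/AWX project code. Origins, session ids
and form ids are constructed sample values.
"""
import hmac
import secrets
import time
from urllib.parse import urlsplit

# Assumed deployment origin(s) of the platform UI. Load from configuration
# in a real system; never derive the allow-list from the request itself.
TRUSTED_ORIGINS = frozenset({"https://aap.example.com"})


def canonical_origin(url):
    """Return 'scheme://host[:port]' for url, or None if it cannot be parsed.

    Comparing whole origins (not substrings) defeats look-alike hosts such as
    aap.example.com.evil.test or https://evil.test/aap.example.com.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    host = parts.hostname  # already lower-cased by urlsplit
    if scheme not in ("http", "https") or not host:
        return None
    default_port = 443 if scheme == "https" else 80
    if port is None or port == default_port:
        return f"{scheme}://{host}"
    return f"{scheme}://{host}:{port}"


def request_origin_is_trusted(headers, trusted=TRUSTED_ORIGINS):
    """Fail closed: accept only when Origin (preferred, browsers send it on
    cross-site POSTs) or, failing that, Referer names a trusted origin."""
    lowered = {k.lower(): v for k, v in headers.items()}
    source = lowered.get("origin") or lowered.get("referer")
    if not source or source.strip().lower() == "null":
        return False  # header absent or opaque: reject state-changing request
    origin = canonical_origin(source)
    return origin is not None and origin in trusted


class FormNonceStore:
    """Issues nonces bound to (session, form) that are valid once, then expire."""

    def __init__(self, ttl_seconds=600, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so expiry can be exercised in tests
        self._issued = {}    # nonce -> (session_id, form_id, expires_at)

    def issue(self, session_id, form_id):
        nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._issued[nonce] = (session_id, form_id, self._clock() + self._ttl)
        return nonce

    def consume(self, nonce, session_id, form_id):
        """Return True at most once per nonce. The record is removed before
        any check, so a failed attempt cannot be retried with another session."""
        record = self._issued.pop(nonce, None)
        if record is None:
            return False  # unknown, forged, or already used (replay)
        bound_session, bound_form, expires_at = record
        if self._clock() > expires_at:
            return False
        session_ok = hmac.compare_digest(bound_session.encode(), session_id.encode())
        return session_ok and bound_form == form_id


def handle_form_submission(headers, session_id, form_id, nonce, store):
    """Header check first so a cross-site request cannot burn the legitimate
    user's outstanding nonce; then the nonce is consumed exactly once."""
    if not request_origin_is_trusted(headers):
        return "rejected: untrusted or missing Origin/Referer"
    if not store.consume(nonce, session_id, form_id):
        return "rejected: missing, replayed, expired or foreign nonce"
    return "accepted"


if __name__ == "__main__":
    store = FormNonceStore()
    nonce = store.issue("sess-A", "job-template-launch")
    same_site = {"Referer": "https://aap.example.com/templates/42/launch"}
    cross_site = {"Referer": "https://aap.example.com.evil.test/launch"}
    print(handle_form_submission(same_site, "sess-A", "job-template-launch", nonce, store))
    print(handle_form_submission(same_site, "sess-A", "job-template-launch", nonce, store))
    print(handle_form_submission(cross_site, "sess-A", "job-template-launch", nonce, store))
```

The order of the two checks in `handle_form_submission` is deliberate: rejecting on the header before touching the nonce store means a forged cross-site request, which by construction cannot carry a valid nonce anyway, does not invalidate the token the real user's page is still holding. Note that checking the Origin header where present gives the same protection as the Referer check with fewer false negatives, since Origin is sent on cross-site POSTs even when Referer is suppressed.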

            bcoursen@redhat.com Brian Coursen
            rhn-support-apaygavh Abhishek Paygavhan
            Votes: 0
            Watchers: 1