Apparently some browsers can set a Referer: header which fails
to match. I'm not certain why, but making "$schema://$HOST_PORT"
matches case-insensitive seems more correct regardless.
In case that doesn't work, we'll also allow bypassing deep-link
prevention via a POST form button.
Reported-by: Vlastimil Babka <vbabka@suse.cz>
Link: https://public-inbox.org/meta/93ebfbd1-9924-481c-4edc-9b232d1e995c@suse.cz/