This is my first post so please excuse any etiquette violations.
I have been running a PBXiAF box for 2 years now and just upgraded to FreePBX 2.8.
I have noticed that there is a problem with having CHECKREFERER set to TRUE in amportal.conf.
The issue is that when one click on a link that has an action verified by the code in /var/www/html/admin/config.php, AND the link is opening up a new window (ie click on the listen button in the recording sections). the HTTP_REFERER is not being found and thus does not match the server name, causing the invalid referer message to be displayed.
While the simple workaround is to make CHECKREFERER=false in amportal, it then opens up a potential security hole.
I am unsure if this is a bowser specific issue (I use ie8).
Any ideas on how this can be rectified?