Basic security check to prevent cross-site requests (using Sinatra)

app.rb

require "rubygems"
require "sinatra"
require "json"
require "haml"

get '/' do
  CURRENT_HOST = env['SERVER_NAME'] == 'localhost' ? "#{env['SERVER_NAME']}:#{env['SERVER_PORT']}" : env['SERVER_NAME']
  haml :home
end

get '/test_json' do
  halt 403, "DENIED: unknown referrer" unless request.referer && request.referer.match(request.host)
  return JSON 'test' => 123
end