The new security measures to prevent
CSRF rely on the referrer.
Switching referrers back on after a save failed won't help because the security token has been used up then (hitting "back" and trying again will use the same, expired, token).
bye, Dirk