diff --git a/htdocs/admin/const.php b/htdocs/admin/const.php
index 2b6c6b5f08f..e4f0ea50c48 100644
--- a/htdocs/admin/const.php
+++ b/htdocs/admin/const.php
@@ -31,7 +31,7 @@ require_once(DOL_DOCUMENT_ROOT."/lib/admin.lib.php");
 $langs->load("admin");
 
 //Todo protection faille CSRF !!!
-if (!eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
+if (! empty($_SERVER['HTTP_REFERER']) && !eregi(DOL_MAIN_URL_ROOT, $_SERVER['HTTP_REFERER']))
 accessforbidden();
 
 if (!$user->admin)