#13751: Avoid open redirect issue with whitelist
-------------------------------------+-------------------------------------
Reporter: anonymous | Owner:
| marcaurele
Type: New feature | Status: assigned
Component: HTTP handling | Version: master
Severity: Normal | Resolution:
Keywords: open redirect, | Triage Stage: Accepted
security |
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by marcaurele):
Added a new settings REDIRECT_WHITELIST_URLS to allow a list of urls for
redirection outside the application host. The match is done in
utils.http.is_safe_url(). All tests passed, and the new setting has been
documented.
https://github.com/marcaurele/django/tree/ticket_13751
--
Ticket URL: <https://code.djangoproject.com/ticket/13751#comment:15>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/067.a6e1e44f24212f68b29c09b1ce542be6%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
