On 16/09/15 21:34, Mads Kiilerich wrote: >> >> Also, reject came_from URL not belonging to our application. > > It seems to be that the problem is that we put the absolute URL > (url.current()) in came_from; instead we should use PATH_INFO which is > relative to SCRIPT_NAME.
Putting a bogus URL (which it honestly is) didn't seem a good idea to me, that's why I decided to do it this way. -- Cheers, Andrew
signature.asc
Description: OpenPGP digital signature
_______________________________________________ kallithea-general mailing list [email protected] http://lists.sfconservancy.org/mailman/listinfo/kallithea-general
