Currently, if no credentials are submitted, the
``RedirectingFormPlugin`` still redirects to "came_from" or
HTTP_REFERER. That means that if a user visits the login-url
directly, he'll be redirected to wherever he came from (no-where).
This behavior is tested of course, so it's obviously intentional, but
what's the motivation?
Also, should it be possible to login using a GET request? Could this
be an alternative policy for choosing when to redirect.
Repoze-dev mailing list