mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 14:16:09 +00:00
Code Issues 32 Releases Wiki Activity

Refs #26902 -- Protected against insecure redirects in Login/LogoutView.

Browse Source
This commit is contained in:
Przemysław Suliga
2016-08-19 13:40:21 +02:00
committed by Tim Graham
parent 5e5a17028f
commit 549b90fab3
3 changed files with 51 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/releases/1.11.txt
View File

@@ -356,6 +356,13 @@ to assign a free port. The ``DJANGO_LIVE_TEST_SERVER_ADDRESS`` environment
variable is no longer used, and as it's also no longer used, the
``manage.py test --liveserver`` option is removed.
Protection against insecure redirects in :mod:`django.contrib.auth` views
-------------------------------------------------------------------------
``LoginView`` and ``LogoutView`` (and the deprecated function-based equivalents)
protect users from being redirected to non-HTTPS ``next`` URLs when the app
is running over HTTPS.
Miscellaneous
-------------