Mirror of https://github.com/django/django.git, synced 2025-10-25 22:56:12 +00:00
	Fixed #27352 -- Doc'd social media fingerprinting consideration with login's redirect_authenticated_user.
Committed by Tim Graham
Parent: 2327fad54e
Commit: b5fc192b99
			| @@ -253,6 +253,7 @@ fallback | |||||||
| fallbacks | fallbacks | ||||||
| faq | faq | ||||||
| FastCGI | FastCGI | ||||||
|  | favicon | ||||||
| fieldset | fieldset | ||||||
| fieldsets | fieldsets | ||||||
| filename | filename | ||||||
|   | |||||||
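Review bot: only ``favicon`` is added to the spelling wordlist, but the new warning in the second hunk also introduces ``fingerprinting``; if the docs spelling check does not already accept that word, the build will fail on the new paragraph, so either confirm it is covered or add it next to ``favicon`` in the same alphabetical position.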
| @@ -1006,6 +1006,15 @@ implementation details see :ref:`using-the-views`. | |||||||
|       authenticated users accessing the login page will be redirected as if |       authenticated users accessing the login page will be redirected as if | ||||||
|       they had just successfully logged in. Defaults to ``False``. |       they had just successfully logged in. Defaults to ``False``. | ||||||
|  |  | ||||||
|  |       .. warning:: | ||||||
|  |  | ||||||
|  |         If you enable ``redirect_authenticated_user``, other websites will be | ||||||
|  |         able to determine if their visitors are authenticated on your site by | ||||||
|  |         requesting redirect URLs to image files on your website. To avoid | ||||||
|  |         this "`social media fingerprinting | ||||||
|  |         <https://robinlinus.github.io/socialmedia-leak/>`_" information | ||||||
|  |         leakage, host all images and your favicon on a separate domain. | ||||||
|  |  | ||||||
|     * ``success_url_allowed_hosts``: A :class:`set` of hosts, in addition to |     * ``success_url_allowed_hosts``: A :class:`set` of hosts, in addition to | ||||||
|       :meth:`request.get_host() <django.http.HttpRequest.get_host>`, that are |       :meth:`request.get_host() <django.http.HttpRequest.get_host>`, that are | ||||||
|       safe for redirecting after login. Defaults to an empty :class:`set`. |       safe for redirecting after login. Defaults to an empty :class:`set`. | ||||||
|   | |||||||
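Review bot: the mitigation in the new ``.. warning::`` block ("host all images and your favicon on a separate domain") only works because a redirect to a host outside ``request.get_host()`` is rejected as unsafe and falls back to the default URL; the ``success_url_allowed_hosts`` option documented immediately below can re-enable such redirects. The warning should say so explicitly, e.g. add a sentence such as "Do not add that domain to ``success_url_allowed_hosts``, or the redirect to the image will be allowed again and the leak returns." Without that caveat a reader could follow both pieces of advice and end up with the fingerprinting vector still open.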