mirror of https://github.com/django/django.git, synced 2025-10-26 15:16:09 +00:00

	[1.10.x] Fixed #27352 -- Doc'd social media fingerprinting consideration with login's redirect_authenticated_user.
Backport of b5fc192b99 from master
			
			
committed by Tim Graham

parent 64e4adbfef
commit d3ca290778

			| @@ -253,6 +253,7 @@ fallback | ||||
| fallbacks | ||||
| faq | ||||
| FastCGI | ||||
| favicon | ||||
| fieldset | ||||
| fieldsets | ||||
| filename | ||||
|   | ||||
| @@ -999,6 +999,15 @@ implementation details see :ref:`using-the-views`. | ||||
|       authenticated users accessing the login page will be redirected as if | ||||
|       they had just successfully logged in. Defaults to ``False``. | ||||
|  | ||||
|       .. warning:: | ||||
|  | ||||
|         If you enable ``redirect_authenticated_user``, other websites will be | ||||
|         able to determine if their visitors are authenticated on your site by | ||||
|         requesting redirect URLs to image files on your website. To avoid | ||||
|         this "`social media fingerprinting | ||||
|         <https://robinlinus.github.io/socialmedia-leak/>`_" information | ||||
|         leakage, host all images and your favicon on a separate domain. | ||||
|  | ||||
|     .. deprecated:: 1.9 | ||||
|  | ||||
|         The ``current_app`` parameter is deprecated and will be removed in | ||||
|   | ||||
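Review bot: the new warning under ``redirect_authenticated_user`` gives only one mitigation ("host all images and your favicon on a separate domain") and never says that leaving the option at its documented default of ``False`` also avoids the leak. Suggest adding a closing sentence to the warning saying so, so that readers who cannot move static assets to another domain know the safe choice is to keep the option off.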