Monday, July 26, 2021

What is the necessity of success_url_allowed_hosts on a LogoutView?

success_url_allowed_hosts: A set of hosts, in addition to request.get_host(), that are safe for redirecting after logout. Defaults to an empty set.

What could go wrong if evilwebsite.com is included in success_url_allowed_hosts?

--
You received this message because you are subscribed to the Google Groups "Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/7f6ee52c-de74-4ca0-8e70-cd97d577cc54n%40googlegroups.com.

No comments:

Post a Comment