Restrict login redirects to relative URLs

Description

None

Environment

None

Activity

Show:
Blair McKenzie
February 19, 2020, 2:24 AM

The `url.redirectURL` parameter is now ignored if it is not relative to the current domain (i.e. it must start with `/`).

Assignee

Unassigned

Reporter

Blair McKenzie

Labels

None

Components

Fix versions

Priority

Major
Configure