Revision 184f551f
b/snf-astakos-app/astakos/im/settings.py | ||
---|---|---|
192 | 192 |
KAMAKI_CONFIG_CLOUD_NAME = getattr(settings, |
193 | 193 |
'ASTAKOS_KAMAKI_CONFIG_CLOUD_NAME', |
194 | 194 |
None) |
195 |
|
|
196 |
REDIRECT_ALLOWED_SCHEMES = getattr(settings, |
|
197 |
'ASTAKOS_REDIRECT_ALLOWED_SCHEMES', |
|
198 |
('pithos',)) |
b/snf-astakos-app/astakos/im/views/target/redirect.py | ||
---|---|---|
47 | 47 |
from astakos.im.views.decorators import cookie_fix |
48 | 48 |
|
49 | 49 |
import astakos.im.messages as astakos_messages |
50 |
from astakos.im.settings import REDIRECT_ALLOWED_SCHEMES |
|
50 | 51 |
|
51 | 52 |
import logging |
52 | 53 |
|
... | ... | |
69 | 70 |
if not next: |
70 | 71 |
next = reverse('index') |
71 | 72 |
|
72 |
if not restrict_next(next, allowed_schemes=('pithos',)):
|
|
73 |
if not restrict_next(next, allowed_schemes=REDIRECT_ALLOWED_SCHEMES):
|
|
73 | 74 |
return HttpResponseForbidden(_( |
74 | 75 |
astakos_messages.NOT_ALLOWED_NEXT_PARAM)) |
75 | 76 |
force = request.GET.get('force', None) |
Also available in: Unified diff