Forum OpenACS Q&A: Re: Redirction to external hosts is not allowed

Collapse
6: Re: Redirction to external hosts is not allowed (response to 5)
Posted by Ryan Gallimore on 11/15/09 10:53 PM
Would it be safe to trust the IndexRedirectURL parameter URL?

I would grep the code for IndexRedirectURL to find the call to ad_returnredirect and then add the switch -allow_complete_url.

My opinion is that we can always trust the configured value, so a redirect to another port is possible.

Collapse
7: Re: Redirction to external hosts is not allowed (response to 6)
Posted by Dave Bauer on 11/15/09 11:00 PM
Ryan, that is reasonable, but, that should probably be a relative URL anyway.