Forum OpenACS Q&A: Re: Redirction to external hosts is not allowed

Posted by Ryan Gallimore on
Would it be safe to trust the IndexRedirectURL parameter URL?

I would grep the code for IndexRedirectURL to find the call to ad_returnredirect and then add the switch -allow_complete_url.

My opinion is that we can always trust the configured value, so a redirect to another port is possible.

Posted by Dave Bauer on
Ryan, that is reasonable, but, that should probably be a relative URL anyway.