Fix: dont allow allauth redirects to any host (#5783)

---------

Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>
This commit is contained in:
shamoon
2024-02-15 16:37:34 -08:00
committed by GitHub
parent 8d664fad56
commit f1049cf889
3 changed files with 47 additions and 1 deletions

View File

@@ -193,6 +193,7 @@ urlpatterns = [
RedirectView.as_view(
url=settings.STATIC_URL + "frontend/en-US/assets/%(path)s",
),
# TODO: with localization, this is even worse! :/
),
# App logo
re_path(
@@ -200,7 +201,6 @@ urlpatterns = [
serve,
kwargs={"document_root": os.path.join(settings.MEDIA_ROOT, "logo")},
),
# TODO: with localization, this is even worse! :/
# login, logout
path("accounts/", include("allauth.urls")),
# Root of the Frontend