edited comments

Author: ihorsokhanexoft

framework/auth/views.py

@@ -1207,11 +1207,12 @@ def validate_next_url(next_url):
     :return: True if valid, False otherwise
     """
 
-    # disable external domain using `//`: the browser allows `//` as a shortcut for non-protocol specific requests
-    # like http:// or https:// depending on the use of SSL on the page already.
+    # allow redirection to angular locally
     if settings.LOCAL_ANGULAR_URL in next_url and settings.DEBUG_MODE:
         return True
 
+    # disable external domain using `//`: the browser allows `//` as a shortcut for non-protocol specific requests
+    # like http:// or https:// depending on the use of SSL on the page already.
     if next_url.startswith('//'):
         return False