Skip to content

Commit d48f9ae

Browse files
edited comments
1 parent b16005c commit d48f9ae

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

framework/auth/views.py

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1207,11 +1207,12 @@ def validate_next_url(next_url):
12071207
:return: True if valid, False otherwise
12081208
"""
12091209

1210-
# disable external domain using `//`: the browser allows `//` as a shortcut for non-protocol specific requests
1211-
# like http:// or https:// depending on the use of SSL on the page already.
1210+
# allow redirection to angular locally
12121211
if settings.LOCAL_ANGULAR_URL in next_url and settings.DEBUG_MODE:
12131212
return True
12141213

1214+
# disable external domain using `//`: the browser allows `//` as a shortcut for non-protocol specific requests
1215+
# like http:// or https:// depending on the use of SSL on the page already.
12151216
if next_url.startswith('//'):
12161217
return False
12171218

0 commit comments

Comments
 (0)