CoderDojo / community-platform

Zen, the CoderDojo Community Platform!
https://zen.coderdojo.com
MIT License

Allow custom domain redirect when signing in #1146

Open Wardormeur opened 7 years ago

Wardormeur commented 7 years ago

When using cd-theme, the login action redirects to Zen and uses Zen's login system, which is fine when used on coderdojo.com, but not "good enough" when used on coderdojonsw.org.au. Allowing a redirection to the requesting domain is necessary, but apart from whitelisting, I can't think of any way to avoid abuse of this redirect for malicious intent. Thoughts? @rosalanghammer @DanielBrierton cc @Aryess

DanielBrierton commented 7 years ago

Whitelist seems to be the only way to go with this. Would need a CDF admin panel for modifying the list so we're not hardcoding it.
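
The allowlist check discussed in this thread, sketched as an added example that is not part of the issue or of Zen's code base. The names `safeRedirect`, `ALLOWED_HOSTS` and `DEFAULT_REDIRECT` are hypothetical, and the host list is a constructed sample built from the domains mentioned above; in the design proposed here it would be loaded from the admin-managed list.

```javascript
'use strict';

// Constructed sample allowlist (assumption): exact hostnames only, no wildcards.
const ALLOWED_HOSTS = new Set([
  'zen.coderdojo.com',
  'coderdojo.com',
  'coderdojonsw.org.au',
]);

// Where to send the user when the requested target is rejected (assumption).
const DEFAULT_REDIRECT = 'https://zen.coderdojo.com/';

// Returns the post-login redirect target: the requested URL if it is an
// absolute https URL whose exact hostname is allowlisted, else the default.
function safeRedirect(requested, allowedHosts = ALLOWED_HOSTS) {
  if (typeof requested !== 'string' || requested.length === 0) {
    return DEFAULT_REDIRECT;
  }
  let url;
  try {
    // Parsed without a base, so relative and protocol-relative ("//host")
    // inputs throw instead of being resolved against some origin.
    url = new URL(requested);
  } catch (err) {
    return DEFAULT_REDIRECT;
  }
  // Only https: rejects javascript:, data:, http: and similar schemes.
  if (url.protocol !== 'https:') return DEFAULT_REDIRECT;
  // Reject userinfo, which can make a URL look like a trusted host
  // (e.g. "https://trusted@other-host/").
  if (url.username !== '' || url.password !== '') return DEFAULT_REDIRECT;
  // Design choice in this sketch: default port only.
  if (url.port !== '') return DEFAULT_REDIRECT;
  // Exact match on the parsed, lowercased hostname. A substring or
  // endsWith() test would accept "coderdojonsw.org.au.other-host".
  if (!allowedHosts.has(url.hostname)) return DEFAULT_REDIRECT;
  // Return the parser's normalized form, not the raw input string.
  return url.href;
}
```

Comparing the parsed hostname rather than the raw string is what keeps lookalike inputs out, and returning `url.href` means the browser is sent the same URL the check evaluated.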