To combat XSS, Django has altered HttpResponseRedirect to contain a list of allowed_schemes. Since we try to redirect to the indivo-framework scheme as part of our auth flow, this will now cause a SuspiciousOperation Exception to be raised in the patched versions of Django.
We can address that when updating the OAuth flow to match SMART 0.6: selecting a record is the correct callback link already; we don't need to go back to the UI server and do a redirect from there.
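An added illustration, not code from Django or from this project: a standard-library model of the scheme allow-list check described in the issue. It shows the default list rejecting an indivo-framework redirect, and a narrowly extended list accepting it while still rejecting javascript: targets. The sample URLs and the names check_redirect, audit and DisallowedScheme are constructed for the example.

```python
from urllib.parse import urlsplit

# Default allow-list that patched Django applies to HttpResponseRedirect.
DEFAULT_ALLOWED_SCHEMES = ("http", "https", "ftp")
# Narrow extension: add only the one custom scheme the auth flow needs.
# (In Django itself this would be a subclass overriding allowed_schemes.)
INDIVO_ALLOWED_SCHEMES = DEFAULT_ALLOWED_SCHEMES + ("indivo-framework",)


class DisallowedScheme(Exception):
    """Stand-in for the SuspiciousOperation raised by patched Django."""


def check_redirect(target, allowed_schemes=DEFAULT_ALLOWED_SCHEMES):
    """Return target if its scheme is allowed, else raise DisallowedScheme.

    Relative and scheme-relative targets carry no scheme and pass through.
    urlsplit lowercases the scheme, so 'JavaScript:' cannot bypass the list.
    """
    scheme = urlsplit(target).scheme
    if scheme and scheme not in allowed_schemes:
        raise DisallowedScheme("unsafe redirect scheme: %r" % scheme)
    return target


def audit(targets, allowed_schemes):
    """Map each target to True (redirect allowed) or False (rejected)."""
    results = {}
    for target in targets:
        try:
            check_redirect(target, allowed_schemes)
            results[target] = True
        except DisallowedScheme:
            results[target] = False
    return results


# Constructed sample redirect targets (not taken from the project).
SAMPLES = [
    "indivo-framework://callback?record_id=abc",
    "https://ui.example.org/oauth/done",
    "/records/select",
    "JavaScript:alert(1)",
]

if __name__ == "__main__":
    for label, schemes in (("default", DEFAULT_ALLOWED_SCHEMES),
                           ("extended", INDIVO_ALLOWED_SCHEMES)):
        print(label, audit(SAMPLES, schemes))
```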