Closed edmundoa closed 8 years ago
Do not redirect to absolute URLs after login, as this could allow someone to send a manipulated URL pointing to any external (and potentially dangerous) site.
Do not redirect to absolute URLs after login, as this could allow someone to send a manipulated URL pointing to any external (and potentially dangerous) site.