nitely / Spirit

Spirit is a modern Python based forum built on top of Django framework
http://spirit.readthedocs.io
MIT License
1.16k stars, 332 forks

fix unsafe redirect #308

Closed. nitely closed this 2 years ago

nitely commented 2 years ago

Fixes #307. The open redirect can only occur on GET. However, I'm not sure if users can somehow change the POST `next` value in the multiple places it's used, and I'm not going to spend time auditing this. They should not, but just in case I've added the safe redirect for POST as well. Plus, this way I won't forget about the safe redirect, since it's everywhere.
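The check the comment above refers to, as an added example that is not Spirit's own code and not this PR's diff: a safe-redirect validator for a `next` value, applied to both the GET and the POST copy of the parameter so that neither path trusts a user-supplied target. The host name `forum.example.com`, the request dictionaries and the sample `next` values are constructed for illustration. The validation logic mirrors the host-and-scheme rules Django's `django.utils.http.url_has_allowed_host_and_scheme` applies, but is written against the standard library so it runs without Django installed.

```python
import unicodedata
from urllib.parse import urlparse

# Hosts this deployment is willing to redirect to (constructed sample value).
ALLOWED_HOSTS = {"forum.example.com"}
# Where a request lands when its `next` value is missing or unsafe.
DEFAULT_NEXT = "/"


def _host_and_scheme_ok(url, allowed_hosts, require_https):
    """Accept a site-relative path, or an absolute URL whose host is in
    allowed_hosts and whose scheme is http(s) (https only if required)."""
    # Chrome treats three or more leading slashes as an absolute URL.
    if url.startswith("///"):
        return False
    try:
        parts = urlparse(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # A scheme without a host (javascript:..., http:///evil) is never safe.
    if not parts.netloc and parts.scheme:
        return False
    # Leading control characters are ignored by some browsers, which can
    # turn a "relative" value into a scheme-relative one.
    if unicodedata.category(url[0])[0] == "C":
        return False
    scheme = parts.scheme
    # A scheme-relative URL (//host/path) is effectively http.
    if not scheme and parts.netloc:
        scheme = "http"
    valid_schemes = ["https"] if require_https else ["http", "https"]
    host_ok = not parts.netloc or parts.netloc in allowed_hosts
    scheme_ok = not scheme or scheme in valid_schemes
    return host_ok and scheme_ok


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS, require_https=False):
    """True only if `url` may be used as a redirect target.

    The value is checked both as given and with backslashes turned into
    slashes, because browsers normalise "\\\\evil" to "//evil".
    """
    if url is None:
        return False
    url = url.strip()
    if not url:
        return False
    return _host_and_scheme_ok(url, allowed_hosts, require_https) and \
        _host_and_scheme_ok(url.replace("\\", "/"), allowed_hosts, require_https)


def redirect_target(next_value):
    """Return `next_value` if it is safe, otherwise the site default."""
    return next_value if is_safe_redirect(next_value) else DEFAULT_NEXT


def resolve_next(method, get_params, post_params):
    """Pick the `next` value for a request and validate it regardless of
    whether it came from the query string (GET) or the form body (POST).
    `get_params` and `post_params` stand in for request.GET / request.POST."""
    source = post_params if method == "POST" else get_params
    return redirect_target(source.get("next"))


if __name__ == "__main__":
    # Constructed requests: the GET one carries an attacker-controlled host,
    # the POST one a harmless site-relative path.
    print(resolve_next("GET", {"next": "//evil.example/phish"}, {}))   # "/"
    print(resolve_next("POST", {}, {"next": "/topic/42/"}))            # "/topic/42/"
```

Because `redirect_target` is the single choke point for both request methods, a view that reads `next` from either `request.GET` or `request.POST` gets the same guarantee, which is the point of the comment above: once the safe redirect is applied everywhere, no individual view has to remember it.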