omab / python-social-auth

Social auth made simple
http://psa.matiasaguirre.net
BSD 3-Clause "New" or "Revised" License

Multiple hosts in redirect sanitation. #965

Closed moorchegue closed 8 years ago

moorchegue commented 8 years ago

So imagine your auth server lives on a subdomain. How are you going to use the ?next= parameter if you want the user to get back to the main domain, or even some other domain for whatever reason?

This solves it by introducing the ALLOWED_REDIRECT_HOSTS setting. The disadvantage of this approach is that you can't possibly apply it to a wildcard.

Another approach could be to figure out the lowest level common domain, but it just feels less safe.

Don't hesitate to criticize this, as I just chose the most obvious solution. There might be a better way to achieve what I want.
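As an added example (not code from python-social-auth or from this PR), here is one way an allow-list check of the kind the PR proposes can be written. The `ALLOWED_REDIRECT_HOSTS` values, the `sanitize_redirect` name and the `_is_safe` helper are assumptions for illustration; the sample URLs are constructed. The check is exact-host only, matching the limitation described above: no wildcard entries. It also covers the bypasses a practitioner would test first against a `?next=` parameter: scheme-relative `//host` URLs, backslash variants that browsers read as slashes, userinfo tricks (`allowed@evil`), and non-http(s) schemes.

```python
from urllib.parse import urlparse

# Hypothetical allow-list standing in for the proposed ALLOWED_REDIRECT_HOSTS
# setting. Values are constructed for this example: an auth subdomain that
# may send users back to the main domain.
ALLOWED_REDIRECT_HOSTS = ["example.com", "app.example.com"]


def _is_safe(url, allowed_hosts):
    """Return True if url is a same-origin path or an http(s) URL whose
    host is in allowed_hosts (a set of lowercase hostnames)."""
    parsed = urlparse(url)
    # Refuse javascript:, data:, and any other non-web scheme outright.
    if parsed.scheme and parsed.scheme.lower() not in ("http", "https"):
        return False
    if parsed.netloc:
        # .hostname is lowercased and has port and userinfo stripped, so
        # "https://example.com@evil.example/" yields "evil.example", and
        # "https://example.com.evil.example/" is not an exact match either.
        host = parsed.hostname
        return host is not None and host in allowed_hosts
    # No authority component. urlparse already turns "//host" into a netloc,
    # so a single leading "/" here is a plain same-origin path; "///host"
    # (which some browsers read as absolute) is rejected by the "//" test.
    return url.startswith("/") and not url.startswith("//")


def sanitize_redirect(allowed_hosts, redirect_to, default="/"):
    """Return redirect_to if it is safe to follow, otherwise default.

    Exact host matching only: no wildcard or suffix matching, which is the
    trade-off the PR description points out.
    """
    if not redirect_to:
        return default
    allowed = {h.lower() for h in allowed_hosts}
    # Browsers treat "\" as "/" when parsing URLs, so "/\evil.example" is
    # really "//evil.example". Require the value to be safe under both
    # readings rather than trusting a single parse.
    if _is_safe(redirect_to, allowed) and _is_safe(
        redirect_to.replace("\\", "/"), allowed
    ):
        return redirect_to
    return default


if __name__ == "__main__":
    # Constructed sample values a ?next= parameter might carry.
    for candidate in [
        "/accounts/profile/",
        "https://app.example.com/dashboard",
        "http://Example.COM:8080/x",
        "//evil.example/",
        "/\\evil.example/",
        "https://example.com@evil.example/",
        "https://example.com.evil.example/",
        "javascript:alert(1)",
    ]:
        print(repr(candidate), "->", sanitize_redirect(ALLOWED_REDIRECT_HOSTS, candidate))
```

Host comparison is case-insensitive and ignores the port, so `http://Example.COM:8080/x` is accepted for an allow-list entry of `example.com`; if ports must be pinned, compare `parsed.netloc` against full `host:port` entries instead.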

omab commented 8 years ago

Thanks!