From d4f4ab306a70b5e09392f8a97ba831bafa86bd41 Mon Sep 17 00:00:00 2001
From: dgtlmoon
Date: Tue, 8 Feb 2022 21:12:44 +0100
Subject: [PATCH] Dont allow redirect on login, it's safer and more reliable this way (#414)
---
 changedetectionio/__init__.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/changedetectionio/__init__.py b/changedetectionio/__init__.py
index 396b7be0..bb1dd457 100644
--- changedetectionio/__init__.py
+++ changedetectionio/__init__.py
@@ -224,10 +224,18 @@ def changedetection_app(config=None, datastore_o=None):
 if (user.check_password(password)):
 flask_login.login_user(user, remember=True)
- next = request.args.get('next')
+
+ # For now there's nothing else interesting here other than the index/list page
+ # It's more reliable and safe to ignore the 'next' redirect
+ # When we used...
+ # next = request.args.get('next')
+ # return redirect(next or url_for('index'))
+ # We would sometimes get login loop errors on sites hosted in sub-paths
+
+ # note for the future:
 # if not is_safe_url(next):
 # return flask.abort(400)
- return redirect(next or url_for('index'))
+ return redirect(url_for('index'))
 else:
 flash('Incorrect password', 'error')
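Review bot: The comment block added before `return redirect(url_for('index'))` records the login-loop symptom but not the security reason, and it keeps the removed `redirect(next or url_for('index'))` line as commented-out code that reads like a template to restore. `next` was taken from `request.args` and redirected to without validation, which is an open redirect after login, so the comment should say so directly, e.g. `# 'next' is ignored on purpose: it is user-controlled and was redirected to unvalidated (open redirect); it also caused login loops on sub-path installs`. The "note for the future" lines refer to `is_safe_url`, which is not defined anywhere in the visible hunk, so it would help to state the requirement instead: `# if 'next' is ever honoured again, accept only same-host relative paths and fall back to url_for('index')`. The enclosing login view starts and ends outside this hunk.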