© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
Thanks, Blake, for offering up this feature. A few comments:
1) A lot of the above discussion here is about the use of referring URL to authenticate and provide access. I fully agree with Thomas that it isn't real security, but I also fully agree with Justin that this is beside the point. Many (most?) library vendors already allow it, so we should take advantage of that where we can and not over-complicate things.
2) The implementation here looks solid. One concern I have is that we appear to be using some "homemade" URL component encoding and GET param parsing. We should probably be encoding/decoding the destination as a genuine URL component instead.
3) This redirect should be optional. I don't think YAOUS is needed, just a quick option in config.tt2.
4) Opinion only, but "intendedurl" feels funny for the param name. Maybe 'destination', or 'goto'? Just a thought.
5) This will need documentation, particularly the https wrinkle. In fact, the current code's mass change of everything to https at the destination is going to box in any library who needs the referrer for some links but needs good-old http for others. It almost seems better just leave the protocol as-is from the record, and require changes to https on the data-side where needed. Any better ideas here?