Comment 12 for bug 1039077

Vincent Untz (vuntz) wrote : Re: open redirect / phishing attack via "next" parameter

I haven't tested the patch, but it makes sense to me.

Note that my earlier patch was really just mimicking what Django is doing: https://github.com/django/django/blob/master/django/contrib/auth/views.py#L49

So if we go for this more solid version, we might want to add that to django_openstack_auth for Folsom (or even better, to fix this in Django upstream).