From 19835cc16b7d0740f091585ba364d21ed822f49a Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Mon, 6 Feb 2017 18:05:12 +0100 Subject: [PATCH 1/2] Documented the security options related to redirections --- reference/configuration/security.rst | 35 ++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index 971a050676c..093f5f5fe9f 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst @@ -318,10 +318,37 @@ request to the ``check_path`` URL. Redirecting after Login ~~~~~~~~~~~~~~~~~~~~~~~ -* ``always_use_default_target_path`` (type: ``boolean``, default: ``false``) -* ``default_target_path`` (type: ``string``, default: ``/``) -* ``target_path_parameter`` (type: ``string``, default: ``_target_path``) -* ``use_referer`` (type: ``boolean``, default: ``false``) +always_use_default_target_path +.............................. + +**type**: ``boolean`` **default** ``false`` + +If ``true``, users are always redirected to the default target path regardless +of the previous URL that was stored in the session. + +default_target_path +.................... + +**type**: ``string``, **default**: ``/`` + +The page users are redirect to when there is no previous page stored in the +session (for example when the users access directly to the login page). + +target_path_parameter +..................... + +**type**: ``string``, **default**: ``_target_path`` + +When using a login form, if you include an HTML element to set the target path, +this option lets you change the name of the HTML element itself. + +use_referer +........... + +**type**: ``boolean``, **default**: ``false`` + +If ``true``, the user is redirected to the value stored in the ``HTTP_REFERER`` +header when no previous URL was stored in the session. .. _reference-security-pbkdf2: From a9a98287858be2c87f94f2f5e30bc3e65e820cc1 Mon Sep 17 00:00:00 2001 
From: Javier Eguiluz Date: Sun, 12 Feb 2017 13:35:31 +0100 Subject: [PATCH 2/2] Minor fixes --- reference/configuration/security.rst | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index 093f5f5fe9f..58807091f3a 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst @@ -321,7 +321,7 @@ Redirecting after Login always_use_default_target_path .............................. -**type**: ``boolean`` **default** ``false`` +**type**: ``boolean`` **default**: ``false`` If ``true``, users are always redirected to the default target path regardless of the previous URL that was stored in the session. @@ -329,15 +329,15 @@ of the previous URL that was stored in the session. default_target_path .................... -**type**: ``string``, **default**: ``/`` +**type**: ``string`` **default**: ``/`` -The page users are redirect to when there is no previous page stored in the -session (for example when the users access directly to the login page). +The page users are redirected to when there is no previous page stored in the +session (for example, when the users browse the login page directly). target_path_parameter ..................... -**type**: ``string``, **default**: ``_target_path`` +**type**: ``string`` **default**: ``_target_path`` When using a login form, if you include an HTML element to set the target path, this option lets you change the name of the HTML element itself. @@ -345,7 +345,7 @@ this option lets you change the name of the HTML element itself. use_referer ........... -**type**: ``boolean``, **default**: ``false`` +**type**: ``boolean`` **default**: ``false`` If ``true``, the user is redirected to the value stored in the ``HTTP_REFERER`` header when no previous URL was stored in the session.
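Review bot: The ``target_path_parameter`` description added in PATCH 1/2 says only that the option renames the HTML element; it never states that the element's value arrives with the login request and is used as the redirect destination. Because that value is supplied by the browser, please document what it may contain (a path, a route name, an absolute URL) and whether it is checked before the redirect, so readers know if they have to restrict it to same-site targets themselves. The order in which the four options apply should also be spelled out: the ``always_use_default_target_path`` and ``use_referer`` paragraphs both mention the URL stored in the session, but nothing says where the form field ranks relative to the session URL and the referer.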
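Review bot: The ``use_referer`` paragraph in the last hunk of PATCH 2/2 (@@ -345,7) still reads "the value stored in the ``HTTP_REFERER`` header", which names the PHP server variable rather than the header. The header the browser sends is ``Referer``, and its value is chosen by the client. Suggest rewording to "redirected to the URL sent in the ``Referer`` request header" and adding one sentence saying the value is client-supplied, so that enabling the option makes the post-login destination depend on request data whenever no URL is stored in the session.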