Django/django
11
0
Fork 0
Code Pull Requests Projects Releases Activity

[1.10.x] Fixed #27352 -- Doc'd social media fingerprinting consideration with login's redirect_authenticated_user.

Browse Source 
Backport of b5fc192b99ce92a7ccad08cca7b59b1a4e7ca230 from master
This commit is contained in:
Markus Holtermann 2016-10-15 20:32:19 +02:00 committed by Tim Graham
parent 64e4adbfef
commit d3ca290778
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docs/spelling_wordlist
View File

@ -253,6 +253,7 @@ fallback
fallbacks fallbacks
faq faq
FastCGI FastCGI
favicon
fieldset fieldset
fieldsets fieldsets
filename filename

9
docs/topics/auth/default.txt
View File

@ -999,6 +999,15 @@ implementation details see :ref:`using-the-views`.
authenticated users accessing the login page will be redirected as if authenticated users accessing the login page will be redirected as if
they had just successfully logged in. Defaults to ``False``. they had just successfully logged in. Defaults to ``False``.
.. warning::
If you enable ``redirect_authenticated_user``, other websites will be
able to determine if their visitors are authenticated on your site by
requesting redirect URLs to image files on your website. To avoid
this "`social media fingerprinting
<https://robinlinus.github.io/socialmedia-leak/>`_" information
leakage, host all images and your favicon on a separate domain.
.. deprecated:: 1.9 .. deprecated:: 1.9
The ``current_app`` parameter is deprecated and will be removed in The ``current_app`` parameter is deprecated and will be removed in