Remmoves insecure redirects
This should really fundamentally work differently, but this is a quick fix for now to avoid an insecure redirect. There will be a negative impact on user experience from this, and a followup change should look into these views and improve their flow.
parent
e3dbe5a142
commit
661865de87
6 changed files with 19 additions and 21 deletions
|
@ -70,7 +70,7 @@ class Goal(View):
|
|||
privacy=goal.privacy,
|
||||
)
|
||||
|
||||
return redirect(request.headers.get("Referer", "/"))
|
||||
return redirect("user-goal", request.user.localname, year)
|
||||
|
||||
|
||||
@require_POST
|
||||
|
@ -79,4 +79,4 @@ def hide_goal(request):
|
|||
"""don't keep bugging people to set a goal"""
|
||||
request.user.show_goal = False
|
||||
request.user.save(broadcast=False, update_fields=["show_goal"])
|
||||
return redirect(request.headers.get("Referer", "/"))
|
||||
return redirect("/")
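Review bot: Neither new redirect carries a comment explaining that the Referer header was dropped because it is client-controlled, so the follow-up the description asks for could easily reintroduce the raw `redirect(request.headers.get("Referer", "/"))`. I would add `# Referer is client-supplied; never redirect to it unvalidated` above `return redirect("/")` in hide_goal and above the `user-goal` redirect in Goal. If returning to the originating page is wanted later, check the header first with Django's `url_has_allowed_host_and_scheme(referer, allowed_hosts={request.get_host()})` and fall back to `"/"` when it fails. Both function bodies start outside the hunks, so where `year` comes from in the Goal redirect is not visible here.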
|
||||
|
|