+++ /dev/null
-== Restrict login redirect ==
-
-As a security best-practice, Evergreen should not allow arbitrary
-redirection on successful login, but instead limit redirection to
-local links or configured domains and schemes.
-
-This feature is controlled by a new global flag called *opac.login_redirect_domains*
-which must contain a comma-separated list of domains. All hostnames
-under each domain is allowed for redirect, and the scheme of the
-redirect URL must be one of http, https, ftp, or ftps.
-