projects / evergreen-equinox.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw
3.11 Release Notes
[evergreen-equinox.git] / docs / RELEASE_NOTES_NEXT / OPAC / login-redirect-restriction.adoc
diff --git a/docs/RELEASE_NOTES_NEXT/OPAC/login-redirect-restriction.adoc b/docs/RELEASE_NOTES_NEXT/OPAC/login-redirect-restriction.adoc
deleted file mode 100644 (file)
index ed06019..0000000
--- a/docs/RELEASE_NOTES_NEXT/OPAC/login-redirect-restriction.adoc
+++ /dev/null
@@ -1,11 +0,0 @@
-== Restrict login redirect ==
-
-As a security best-practice, Evergreen should not allow arbitrary
-redirection on successful login, but instead limit redirection to
-local links or configured domains and schemes.
-
-This feature is controlled by a new global flag called *opac.login_redirect_domains*
-which must contain a comma-separated list of domains.  All hostnames
-under each domain is allowed for redirect, and the scheme of the
-redirect URL must be one of http, https, ftp, or ftps.
-
Evergreen with Equinox developments in process and local tweaks