1 == Restrict login redirect ==
3 As a security best-practice, Evergreen should not allow arbitrary
4 redirection on successful login, but instead limit redirection to
5 local links or configured domains and schemes.
7 This feature is controlled by a new global flag called *opac.login_redirect_domains*
8 which must contain a comma-separated list of domains. All hostnames
9 under each domain is allowed for redirect, and the scheme of the
10 redirect URL must be one of http, https, ftp, or ftps.