docs: quick tutorial cleanups #3760

Merged
merged 3 commits into from
Jun 10, 2024


@tseaver tseaver commented Jun 10, 2024

No description provided.

tseaver added 3 commits June 9, 2024 21:09
- The narrative doesn't discuss this (mis-)feature.

- Without any authorization, there is no meaningful reason to remember
  the 'previous' page.

- As a general rule, we want to avoid trusting user-supplied data (i.e.,
  from the query string or form params) when constructing redirect URLs.
- As with the previous commit, we want to avoid trusting user-supplied data
  from the query string or form parameters when constructing redirect URLs.

- Storing the route name and matchdict for the view being forbidden in
  the session allows us to construct the redirect URL on successful
  login cleanly.

- In order to clarify that the logic of storing the 'came from'
  information is separate from rendering or processing the login form,
  this PR splits the `@forbidden_view` mapping onto a separate view function.
Ten years on, it has never landed in the generated docs.
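
The session-based redirect that the commit messages above describe, as an added framework-free example; it is not code from this PR or from Pyramid, and the route table, the session dict and all function names are assumptions made for illustration:

```python
import re
from urllib.parse import quote

# Constructed route table standing in for the application's route configuration.
ROUTES = {
    "home": "/",
    "login": "/login",
    "edit_page": "/page/{pagename}/edit",
}


def route_path(name, matchdict=None):
    """Build an application-local path from a registered route name."""
    values = matchdict or {}
    # Percent-encode every value, slashes included, so it stays one path segment.
    return re.sub(r"\{(\w+)\}",
                  lambda m: quote(str(values[m.group(1)]), safe=""),
                  ROUTES[name])


def redirect_trusting_params(params):
    """The pattern being removed: the redirect target is whatever the client sent."""
    return params.get("came_from", route_path("home"))


def forbidden_view(session, route_name, matchdict):
    """Separate forbidden view: remember the denied route server-side, then go to login."""
    session["came_from"] = {"route": route_name, "matchdict": dict(matchdict)}
    return route_path("login")


def redirect_after_login(session, params):
    """On successful login, rebuild the target from the session; params are ignored."""
    saved = session.pop("came_from", None)
    if not saved:
        return route_path("home")
    try:
        return route_path(saved["route"], saved["matchdict"])
    except (KeyError, TypeError):
        # Unknown route name or missing placeholder value: fall back to home.
        return route_path("home")
```

Because the target is rebuilt from a registered route name, the result is always a path inside the application, whatever the query string or form contains.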

@stevepiercy stevepiercy left a comment


LGTM. Thank you!

@tseaver tseaver merged commit ef0f686 into main Jun 10, 2024
28 checks passed
@tseaver tseaver deleted the tseaver-qt_cleanup branch June 10, 2024 16:09