Fix for immediate logout with next="/logout"
Fix tolino per default with deactivated Strict-Transport-Security
This commit is contained in:
parent
eff8480d5c
commit
f06cc25a99
@ -132,7 +132,8 @@ def add_security_headers(resp):
|
||||
resp.headers['X-Content-Type-Options'] = 'nosniff'
|
||||
resp.headers['X-Frame-Options'] = 'SAMEORIGIN'
|
||||
resp.headers['X-XSS-Protection'] = '1; mode=block'
|
||||
# resp.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
|
||||
if "tolino" not in request.headers.get('User-Agent'):
|
||||
resp.headers['Strict-Transport-Security'] = 'max-age=31536000; includeSubDomains'
|
||||
log.debug(request.headers)
|
||||
return resp
|
||||
|
||||
@ -1439,6 +1440,8 @@ def login():
|
||||
flash(_(u"Wrong Username or Password"), category="error")
|
||||
|
||||
next_url = request.args.get('next', default=url_for("web.index"), type=str)
|
||||
if url_for("web.logout") == next_url:
|
||||
next_url = url_for("web.index")
|
||||
return render_title_template('login.html',
|
||||
title=_(u"login"),
|
||||
next_url=next_url,
|
||||
|
Loading…
Reference in New Issue
Block a user