This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Disable covert redirects and CSRF token leaking
This disallows the url() function from returning any remote URLs. This prevents covert redirects, and also prevents us from leaking CSRF tokens to outside parties.

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
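
The restriction described in the commit message, as an added Python example; it is not the project's code, which is not shown on this page. `APP_ORIGIN`, `is_local_url`, the `fallback` parameter and the body of `url()` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed application origin (constructed for this example).
APP_ORIGIN = ("https", "app.example.org")


def is_local_url(target: str) -> bool:
    """Return True only if target points at this application's own origin."""
    if not target or target != target.strip():
        return False
    # Browsers treat backslashes like slashes and drop tab/CR/LF, so
    # "/\\evil.example" can end up as a scheme-relative (remote) URL.
    if "\\" in target or any(ord(c) < 0x20 or ord(c) == 0x7F for c in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:  # e.g. malformed IPv6 literal in the host part
        return False
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only an absolute path on our own host.
        return target.startswith("/") and not target.startswith("//")
    # Absolute or scheme-relative URL: scheme and host must both match.
    return (parts.scheme.lower(), parts.netloc.lower()) == APP_ORIGIN


def url(target: str, fallback: str = "/") -> str:
    """Hypothetical stand-in for a url() helper that never returns a remote URL."""
    return target if is_local_url(target) else fallback
```

Anything built from the return value (a redirect target, a form action that carries a CSRF token) then stays on the application's own origin.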