3.0.2 change - restrict redirect on login?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
Post Reply
Amezis
Registered User
Posts: 116
Joined: Sun Jul 24, 2005 9:10 am
Location: Oslo, Norway
Contact:

3.0.2 change - restrict redirect on login?

Post by Amezis »

In phpBB 3.0.2's changelog, the following line bothers me:
  • [Change] Don't allow redirects to different domains. (thanks nookieman)
My forum is a subdomain, forums.mysite.com. On www.mysite.com, I have a login box, which has a post action taking the user to forums.mysite.com (to log in), and then back to www.mysite.com using the login redirect feature (to the last visited page). My cookie settings are set to allow every subdomain under .mysite.com, so the user will stay logged in at forums.mysite.com, www.mysite.com and something.mysite.com. However, will the login redirect still work for www.mysite.com, which is technically another domain than forums.mysite.com?
Amezis

Wise men talk because they have something to say; fools, because they have to say something. -Plato
User avatar
Kellanved
Former Team Member
Posts: 2635
Joined: Wed Jan 26, 2005 2:48 pm
Location: Meta-level

Re: 3.0.2 change - restrict redirect on login?

Post by Kellanved »

No, that will in fact not work any more.

As possible workaround you could add a redirect script in forum.yourdomain.com to do the cross-domain redirect. I'm sorry about the inconvenience; the underlying issue was that we didn't want "forum.yourdomain.com" links leading to arbitrary (possibly malicious) pages.
Nocando is in Idontwanna county. No support via PM
Post Reply

Return to “phpBB Discussion”