docs: quick tutorial cleanups #3760

Merged
merged 3 commits into from
Jun 10, 2024

tseaver
Member

@tseaver tseaver commented Jun 10, 2024

No description provided.

- The narrative doesn't discuss this (mis-)feature.

- Without any authorization, there is no meaningful reason to remember
  the 'previous' page.

- As a general rule, we want to avoid trusting user-supplied data (i.e.,
  from the query string or form params) when constructing redirect URLs.
- As with the previous commit, we want to avoid trusting user-supplied data
  from the query string or form parameters when constructing redirect URLs.

- Storing the route name and matchdict for the view being forbidden in
  the session allows us to construct the redirect URL on successful
  login cleanly.

- In order to clarify that the logic of storing the 'came from'
  information is separate from rendering or processing the login form,
  this PR splits the `@forbidden_view` mapping onto a separate view function.
Ten years on, it has never landed in the generated docs.
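
The approach described in the commit messages above, as an added example that is not code from this PR or from Pyramid: the forbidden handler stores the route name and matchdict in the session, and the login handler rebuilds the redirect from that stored data only. The route table, host name, session key and all function names are assumptions made for this sketch; `route_url` here is a local stand-in, not the framework's method.

```python
from urllib.parse import quote

# Constructed route table and host (assumptions for this example only).
APP_URL = "https://wiki.example"
ROUTES = {
    "home": "/",
    "login": "/login",
    "edit_page": "/{pagename}/edit_page",
}
SESSION_KEY = "came_from"  # hypothetical session key


def route_url(route_name, **matchdict):
    """Build a URL from a known route name; values are percent-encoded."""
    safe = {k: quote(str(v), safe="") for k, v in matchdict.items()}
    return APP_URL + ROUTES[route_name].format(**safe)


def on_forbidden(session, route_name, matchdict):
    """Forbidden view: record the denied route server-side, then go to login."""
    session[SESSION_KEY] = {"route_name": route_name, "matchdict": dict(matchdict)}
    return route_url("login")


def after_login_unsafe(params):
    """Pattern being avoided: the redirect target is taken from the request."""
    return params.get("came_from", route_url("home"))


def after_login(session, params):
    """Session-based pattern: request params never influence the target."""
    saved = session.pop(SESSION_KEY, None)
    try:
        return route_url(saved["route_name"], **saved["matchdict"])
    except (KeyError, TypeError):
        # Nothing stored, unknown route, or missing route parameter.
        return route_url("home")
```
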
Member

@stevepiercy stevepiercy left a comment

LGTM. Thank you!

@tseaver tseaver merged commit ef0f686 into main Jun 10, 2024
28 checks passed
@tseaver tseaver deleted the tseaver-qt_cleanup branch June 10, 2024 16:09