docs: quick tutorial cleanups #3760
Merged
Commits on Jun 10, 2024
-
docs: remove 'came_from' from login view
- The narrative doesn't discuss this (mis-)feature. - Without any authorization, there is no meaninful reason to remember the 'previous' page. - As a general rule, we want to avoid trusting user-supplied data (i.e., from the query string or form params) when constructing redirect URLs.
-
fix: store 'came_from' information in the session
- As with the previous commit, we want to avoid trusting user-supplied data from the query string or form parameters when constructing redirect URLs. - Storing the route name and matchdict for the view being forbidden in the session allows us to construct the redirect URL on successful login cleanly. - In order to clarify that the logic of storing the 'came from' information is separate from rendering or processing the login form, this PR splits the `@forbidden_view` mapping onto a separate view function.
-
chore: remove 'retail_forms' fossil
Ten years on, it has never landed in the generated docs.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.