OK. I need to check when and why this got broken. This will be fixed by the next stable version. Please open a ticket so it is tracked.
On Aug 25, 1:35 pm, Anthony <abasta...@gmail.com> wrote: > On Thursday, August 25, 2011 2:12:37 PM UTC-4, Massimo Di Pierro wrote: > > > We do not allow redirection outside the app, unless there is a bug. > > Yes, looks like we do. In Auth.login(): > > if next == DEFAULT: > next = request.get_vars._next \ > or request.post_vars._next \ > or self.settings.login_next > [snip] > redirect(next) > > So, the login action will redirect to whatever URL is in the _next variable > of the query string. Just tried it and was able to redirect to an external > URL. > > Anthony
