Backup

Author: Vlad0n20

framework/auth/views.py

@@ -1200,7 +1200,7 @@ def validate_campaign(campaign):
 def validate_next_url(next_url):
     """
     Non-view helper function that checks `next_url`.
-    Only allow redirects which are relative root or full domain (CAS, OSF and MFR).
+    Only allow redirects which are relative root or full domain (CAS, OSF, MFR and Angular frontend).
     Disallows external redirects.
 
     :param next_url: the next url to check
@@ -1212,7 +1212,7 @@ def validate_next_url(next_url):
     if next_url.startswith('//'):
         return False
 
-    # only OSF, MFR, CAS and Branded Preprints domains are allowed
+    # only OSF, MFR, CAS, Branded Preprints, and Angular frontend domains are allowed
     if next_url[0] == '/' or next_url.startswith(settings.DOMAIN):
         # OSF
         return True
@@ -1226,6 +1226,8 @@ def validate_next_url(next_url):
         # Branded Preprints Phase 2
         if next_url.startswith(url):
             return True
+    if settings.LOCAL_ANGULAR_URL and next_url.startswith(settings.LOCAL_ANGULAR_URL):
+        return True
 
     return False
 

website/settings/defaults.py

@@ -103,6 +103,9 @@ def parent_dir(path):
 EXTERNAL_EMBER_SERVER_TIMEOUT = 3.05
 EXTERNAL_EMBER_APPS = {}
 
+# Local Angular frontend URL (used for validating next_url redirects during login/logout)
+LOCAL_ANGULAR_URL = ''
+
 LOG_PATH = os.path.join(APP_PATH, 'logs')
 TEMPLATES_PATH = os.path.join(BASE_PATH, 'templates')
 

website/settings/local-dist.py

@@ -53,6 +53,8 @@
     },
 }
 
+LOCAL_ANGULAR_URL = 'http://localhost:4200'
+
 SEARCH_ENGINE = 'elastic'
 ELASTIC_TIMEOUT = 10