Allowing / Blocking redirects to external URLs
If you get error messages like "A redirection to an external URL was blocked for security reasons.", check this configuration variable.
/** * Most of the time, the best security practice is to NOT allow redirects from your current site to another domain. * That is, unless you specifically configured a redirected post. * If this doesn't work for you, you can change this security policy here. * * Possible values: * - 'always' : Always allow redirects to a different domain * - 'all_collections_and_redirected_posts' ( Default ): Allow redirects to all collection domains, ALL SUB-DOMAINS of $basehost or redirects of posts with redirected status * - 'only_redirected_posts' : Allow redirects to a different domain only in case of posts with redirected status * - 'never' : Force redirects to the same domain in all of the cases, and never allow redirect to a different domain */ $allow_redirects_to_different_domain = 'all_collections_and_redirected_posts';
Note: we use this default because it has been repeatedly recommended by security analysts who performed pentests on b2evolution.