astakos: REDIRECT_ALLOWED_SCHEMES hidden setting

snf-astakos-app/astakos/im/settings.py

@@ -192,3 +192,7 @@ API_CLIENT_URL = getattr(settings, 'ASTAKOS_API_CLIENT_URL',
 KAMAKI_CONFIG_CLOUD_NAME = getattr(settings,
                                    'ASTAKOS_KAMAKI_CONFIG_CLOUD_NAME',
                                    None)
+
+REDIRECT_ALLOWED_SCHEMES = getattr(settings,
+                                   'ASTAKOS_REDIRECT_ALLOWED_SCHEMES',
+                                   ('pithos',))

snf-astakos-app/astakos/im/views/target/redirect.py

@@ -47,6 +47,7 @@ from astakos.im.functions import login as auth_login, logout
 from astakos.im.views.decorators import cookie_fix
 
 import astakos.im.messages as astakos_messages
+from astakos.im.settings import REDIRECT_ALLOWED_SCHEMES
 
 import logging
 
@@ -69,7 +70,7 @@ def login(request):
     if not next:
         next = reverse('index')
 
-    if not restrict_next(next, allowed_schemes=('pithos',)):
+    if not restrict_next(next, allowed_schemes=REDIRECT_ALLOWED_SCHEMES):
         return HttpResponseForbidden(_(
             astakos_messages.NOT_ALLOWED_NEXT_PARAM))
     force = request.GET.get('force', None)