Fixed
- Security: Studio does not allow arbitrary
return.targetURLs anymore. Instead, there is a whitelist that can only be specified insettings.toml. Only the domain studio is deployed on and the domains in that whitelist are allowed asreturn.target. #721 - Settings given via the
config=parameter do not allow parsing during validation anymore. That means thatloginProvided = "true"will not work anymore. It's highly unlikely someone actually used it that way. #721
Changed
- Slightly improve English translation strings #723