Ticket #4685: check_protocol.2.diff

File check_protocol.2.diff, 957 bytes (added by Jeff Hilyard <jhilyard@…>, 8 years ago)

Added startswith("https://") check

  • django/views/defaults.py

     
    2121    # if necessary.
    2222
    2323    # If the object actually defines a domain, we're done.
    24     if absurl.startswith('http://'):
     24    if absurl.startswith('http://') or absurl.startswith('https://'):
    2525        return http.HttpResponseRedirect(absurl)
    2626
    2727    object_domain = None
     
    6161    # If all that malarkey found an object domain, use it; otherwise fall back
    6262    # to whatever get_absolute_url() returned.
    6363    if object_domain is not None:
    64         return http.HttpResponseRedirect('http://%s%s' % (object_domain, absurl))
     64        protocol = request.is_secure() and 'https' or 'http'
     65        return http.HttpResponseRedirect('%s://%s%s' % (protocol, object_domain, absurl))
    6566    else:
    6667        return http.HttpResponseRedirect(absurl)
    6768
Back to Top