Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#16901 closed Uncategorized (wontfix)

Admin: Post save redirect behaves differently since 1.3.1

Reported by: Lenz Hirsch <hirsch@…> Owned by: nobody
Component: Uncategorized Version: 1.3
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no


If the django development server sits behind some sort of reverse proxy for example MAMP and therefore the django admin site is used with a virtual host/domain name for example "" the post save 302 redirect goes to instead This happens if you save any model instance over the admin since 1.3.1. If you go back to 1.3 the 302 uses the correct hostname instead of IP:port address.

Change History (2)

comment:1 Changed 7 years ago by Carl Meyer

Resolution: wontfix
Status: newclosed

I believe this is due to the fix for one of the security issues that necessitated the release of 1.3.1 - the possibility of an attacker spoofing the X-Forwarded-Host header and poisoning the cache with pages served with wrong URLs. As mentioned in the security advisory linked from the 1.3.1 release notes, part of the fix for this involved disabling use of the X-Forwarded-Host header by default. You can re-enable it via the USE_X_FORWARDED_HOST setting, which I'm guessing will fix your problem. You should be aware, though, that if your site is ever not behind a proxy that sets and validates the X-Forwarded-Host header, having this setting set to True is a security risk.

Hope that helps - thanks for the report!

comment:2 Changed 7 years ago by Lenz Hirsch <hirsch@…>

Thanks a lot!


indeed fixes the problem.

Note: See TracTickets for help on using tickets.
Back to Top