Internal Redirects with Apache

[anonymous]

The CGI specification allows for a CGI script to return a 'Location' header
which refers to a location within the local web server. In Apache this is honoured when the Status returned by the CGI script is also 200. mod_wsgi also supports this. See ​http://code.google.com/p/modwsgi/issues/detail?id=14.

[6164] added the host to all redirects. While this is good for 99.9% of use cases, this makes these sorts of internal redirects impossible with django. Would it be reasonable to change fix_location_header to only add the host if the response code is not 200? Or we could add a variable such as Response.add_host_to_location that defaults to True that could be used to control this behavior on a per response basis. I'd be happy to work on the path for this once I hear back which implementation would be more likely to be accepted.

[Preston Holmes]

One can not assume that all responses Django will serve will be going through a CGI spec compliant interface. So it does not make sense to make this change in core.

There are a number of other limitations with the feature, one being that the request_method is converted to GET and any request content is lost. If the redirect is just to static content, there is likely something better that can be done with mod_rewrite, or in a real edge case, one could put together django middleware that would strip out the host portion before returning.

[anonymous]

This cannot be done with middleware. apply_response_fixes gets called after middleware has already had it's shot at the response. Mod_rewrite doesn't help when you want django to do some checks and only conditionally pass the internal redirect response. Leaving the only possible option an ugly hack.

request.get_host = lambda: ''

While we shouldn't assume that all responses will support the CGI spec, it also doesn't seem right to me to break a widely used standard such as CGI in core with no clean way to get the standard behavior.

I'm leaving as closed but in case any core devs reconsider I would still be happy to contribute a patch that would allow a clean way to get this behavior.

[Carl Meyer]

Given that both CGI and mod_wsgi support this, I think that Django should provide a clean way to return a host-free Location header (not by default, but by request). Not entirely sure what that ought to look like, but a flag on HttpResponse sounds as reasonable as anything.

[anonymous]

Anyone have any feedback on add_host_to_location.3.diff.

[Tomek Paczkowski]

I could not apply patch. I'm getting this:

$ curl https://code.djangoproject.com/raw-attachment/ticket/17092/add_host_to_location.3.diff | git apply
fatal: corrupt patch at line 97

[anonymous]

After 3 years a patch goes stale, updated it. Lets see if it takes another three years for someone to look at it.

[Aymeric Augustin]

I think this asks the broader question of Django's unconditional fixes. We recently removed some fixes for IE 4-6 and Netscape 4.

Rather than tainting the HttpResponse API with a kwarg for each unconditional "fix" (or "break"), shouldn't we move them to the CommonMiddleware?

[anonymous]

I would agree with that, but before putting the time for that sort of re-factor, i'd like to make sure it's going to get accepted.

Time for django-developers i guess.

[Aymeric Augustin]

Yes, django-developers it is.

[Tim Graham]

Reading the ​django-developers thread it seems like a different solution is desired.

[Collin Anderson]

This should in theory get fixed by #23960