Opened 12 years ago
Last modified 12 years ago
#17296 closed Bug
staff_login_required decorator redirecting to default Login redirect instead of requested — at Initial Version
| Reported by: | ayarshabeer | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.admin | Version: | 1.3 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Design decision needed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
While I am trying to access staff_required URL in the application it will shows admin login page but after I given login credential it redirect to default login redirect page (account/profile) instead of my requested staff page.
After I went through the django code I found that in login_required decorator (django/contrib/auth/views) there is checking for host
netloc = urlparse.urlparse(redirect_to)[1]
# Use default setting if redirect_to is empty
if not redirect_to:
redirect_to = settings.LOGIN_REDIRECT_URL
# Security check -- don't allow redirection to a different
# host.
elif netloc and netloc != request.get_host():
redirect_to = settings.LOGIN_REDIRECT_URL
but this never succeed because staff_required decorator passing redirect_to value as request_full_path() and it doesnot contain host name.