id summary reporter owner description type status component version severity resolution keywords cc stage has_patch needs_docs needs_tests needs_better_patch easy ui_ux 18856 avoid set_language redirect to different host Gunnar nobody "{{{ next = request.REQUEST.get('next', None) if not next: next = request.META.get('HTTP_REFERER', None) }}} HTTP_REFERER can be from different host, specially when using an external SSO Authentication provider. Then redirecting causes an infinite loop. Solution: Like in django.contrib.auth.login: {{{ next = request.REQUEST.get('next', None) if not next: next = request.META.get('HTTP_REFERER', None) netloc = urlparse.urlparse(next)[1] # don't allow redirection to a different # host. if netloc and netloc != request.get_host(): next = '/' }}} " Bug closed Uncategorized dev Release blocker fixed set_language redirect infinite loop Gunnar Scherf Florian Apolloner Accepted 1 0 0 1 0 0