#26956 closed New feature (fixed)
Allow additional safe hosts for "next" parameter during login
| Reported by: | Jon Dufresne | Owned by: | nobody |
|---|---|---|---|
| Component: | contrib.auth | Version: | dev |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
Use case:
- Django application using auth for authentication
- Django application is one part of a loosely coupled network of applications written in multiple languages/frameworks
- These other applications are hosted on different domains
- Goal, upon successful login, Django should be able to redirect to these other applications
To solve this use case I propose the following changes:
- Change
is_safe_url()so thehostargument can also accept a list of hosts. - Change
LoginViewto add a new class memberallowed_hosts. This member is a list of allowed hosts to pass tois_safe_url()inLoginView.get_success_url(). I thinkself.request.get_host()will always be implicitly added to this list.
Change History (7)
comment:1 by , 9 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
comment:2 by , 9 years ago
comment:4 by , 9 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Note:
See TracTickets
for help on using tickets.
As
allowed_hostswould only be used by theget_success_url()method I suggest giving the class member or method a more explicit name (get_success_url_allowed_hosts()?)