Opened 8 years ago
Last modified 7 years ago
#28473 new Bug
Consider SCRIPT_NAME for SECURE_REDIRECT_EXEMPT setting
Reported by: | Jonas Haag | Owned by: | nobody |
---|---|---|---|
Component: | HTTP handling | Version: | 1.11 |
Severity: | Normal | Keywords: | |
Cc: | Triage Stage: | Accepted | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Pull Requests: | How to create a pull request | ||
According to the ticket's flags, the next step(s) to move this issue forward are:
- To provide a patch by sending a pull request. Claim the ticket when you start working so that someone else doesn't duplicate effort. Before sending a pull request, review your work against the patch review checklist. Check the "Has patch" flag on the ticket after sending a pull request and include a link to the pull request in the ticket comment when making that update. The usual format is:
[https://github.com/django/django/pull/#### PR]
.
Change History (3)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
See #25598 for discussion of the use case (the setting should be independent from the subpath the application is mounted at). This breaks existing sites, yes. I haven't had a look into the implementation.
comment:3 by , 7 years ago
Component: | Uncategorized → HTTP handling |
---|---|
Triage Stage: | Unreviewed → Accepted |
Note:
See TracTickets
for help on using tickets.
I guess the idea would be to use
request.path_info
instead ofrequest.path
in the SecurityMiddleware?Can you elaborate on the use case and how the behavior will change? Could the change break existing working configurations?