Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#31764 closed New feature (needsinfo)

Add a way to allow subdomain wildcards in the set of allowed hosts for redirects after login/logout

Reported by: Jordan Hayashi Owned by: nobody
Component: contrib.auth Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The ALLOWED_HOSTS setting allows you to set wildcard subdomains. There is a success_url_allowed_hosts attribute in the LoginView and LogoutView, but these don't accept wildcard subdomains. It would be nice to add an option that allows that.

I have prepared a patch here: https://github.com/jhhayashi/django/tree/jhh/allow_wildcard_host_redirects

Change History (2)

comment:1 by Jordan Hayashi, 4 years ago

Version: 3.1master

comment:2 by Carlton Gibson, 4 years ago

Resolution: needsinfo
Status: newclosed

Hi Jordan. Thanks for the idea.

I'm not sure what to say:

How pressing is the need? Do we want to add the additional complexity here to save updating a presumably small list of subdomains that we'd actually redirect to? For those cases that truly need a dynamic wildcard value, should we not prefer recommending a subclass in that case? (And so on.)

There's two steps:

  • Adding allow_wildcards to django.utils.http.url_has_allowed_host_and_scheme()
  • And using that in Login/Logout view.

The handy Compare view.

Can I ask you to propose this on the DevelopersMailingList for a wider audience? Please explain your use-case and hint at answers to the questions here.
If there's consensus there then we can proceed.
Thanks.

Version 0, edited 4 years ago by Carlton Gibson (next)
Note: See TracTickets for help on using tickets.
Back to Top