#26956: Allow additional safe hosts for "next" parameter during login
------------------------------+--------------------
Reporter: jdufresne | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------
Use case:
* Django application using auth for authentication
* Django application is one part of a loosely coupled network of
applications written in multiple languages/frameworks
* These other applications are hosted on different domains
* '''Goal''', upon successful login, Django should be able to redirect to
these other applications
To solve this use case I propose the following changes:
* Change `is_safe_url()` so the `host` argument can also accept a list of
hosts.
* Change `LoginView` to add a new class member `allowed_hosts`. This
member is a list of allowed hosts to pass to `is_safe_url()` in
`LoginView.get_success_url()`. I think `self.request.get_host()` will
always be implicitly added to this list.
--
Ticket URL: <https://code.djangoproject.com/ticket/26956>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/052.0fdec447c7db31c0d6b57d647951de9f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
