#17296: staff_login_required decorator redirecting to default Login redirect
instead of requested
-------------------------------+--------------------------------------
Reporter: ayarshabeer | Owner: nobody
Type: Bug | Status: new
Component: HTTP handling | Version: 1.3
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by aaugustin):
* needs_docs: => 0
* needs_tests: => 0
* needs_better_patch: => 0
Old description:
> While I am trying to access staff_required URL in the application it will
> shows admin login page but after I given login credential it redirect to
> default login redirect page (account/profile) instead of my requested
> staff page.
>
> After I went through the django code I found that in login_required
> decorator (django/contrib/auth/views) there is checking for host
> ''' netloc = urlparse.urlparse(redirect_to)[1]
> '''
> # Use default setting if redirect_to is empty
> if not redirect_to:
> redirect_to = settings.LOGIN_REDIRECT_URL
>
> # Security check -- don't allow redirection to a different
> # host.
> ''' elif netloc and netloc != request.get_host():
> redirect_to = settings.LOGIN_REDIRECT_URL'''
>
> but this never succeed because staff_required decorator passing
> redirect_to value as request_full_path() and it doesnot contain host
> name.
New description:
While I am trying to access staff_required URL in the application it will
shows admin login page but after I given login credential it redirect to
default login redirect page (account/profile) instead of my requested
staff page.
After I went through the django code I found that in login_required
decorator (django/contrib/auth/views) there is checking for host
{{{
''' netloc = urlparse.urlparse(redirect_to)[1]
'''
# Use default setting if redirect_to is empty
if not redirect_to:
redirect_to = settings.LOGIN_REDIRECT_URL
# Security check -- don't allow redirection to a different
# host.
''' elif netloc and netloc != request.get_host():
redirect_to = settings.LOGIN_REDIRECT_URL'''
}}}
but this never succeed because staff_required decorator passing
redirect_to value as request_full_path() and it doesnot contain host name.
--
Comment:
(Sort of) fixed formatting.
--
Ticket URL: <https://code.djangoproject.com/ticket/17296#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to django-updates@googlegroups.com.
To unsubscribe from this group, send email to
django-updates+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
