Ticket #987: redirect_absoluteuri.patch

django/middleware/common.py

@@ -1 +1 @@
 from django.conf import settings
 from django import http
 from django.core.mail import mail_managers
+from urlparse import urljoin
 import md5
 import re
 
@@ -17 +18 @@
         - ETags: If the USE_ETAGS setting is set, ETags will be calculated from
           the entire page content and Not Modified responses will be returned
           appropriately.
+
+        - Absolute URI redirects: Ensures that any redirect attempt (which uses
+          the HTTP Location header) to a relative location is converted to an
+          absolute URI, as required by RFC 2616, section 14.30.
     """
 
     def process_request(self, request):
@@ -84 +89 @@
             else:
                 response['ETag'] = etag
 
+        # Absolute URI redirects.
+        if 'Location' in response.headers:
+            location = response['Location']
+            if not ':' in location:
+                current_uri = '%s://%s%s' % (request.is_secure() and 'https' or 'http',
+                                             http.get_host(request),
+                                             request.path)
+                response['Location'] = urljoin(current_uri, location)
+
         return response
 
 def _is_ignorable_404(uri):

docs/middleware.txt

@@ -78 +78 @@
   MD5-hashing the page content, and it'll take care of sending
   ``Not Modified`` responses, if appropriate.
 
+* Ensures that any redirect attempt to a relative location is converted to an
+  absolute URI, as required by `RFC 2616`_.
+
+.. _RFC 2616: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30
+
 django.middleware.doc.XViewMiddleware
 -------------------------------------