#31764 closed New feature (needsinfo)
Add a way to allow subdomain wildcards in the set of allowed hosts for redirects after login/logout
Reported by: | Jordan Hayashi | Owned by: | nobody |
---|---|---|---|
Component: | contrib.auth | Version: | dev |
Severity: | Normal | Keywords: | |
Cc: | | Triage Stage: | Unreviewed |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The ALLOWED_HOSTS setting allows you to set wildcard subdomains. There is a success_url_allowed_hosts attribute in the LoginView and LogoutView, but these don't accept wildcard subdomains. It would be nice to add an option that allows that.
I have prepared a patch here: https://github.com/jhhayashi/django/tree/jhh/allow_wildcard_host_redirects
Change History (2)
comment:1 by , 5 years ago
Version: | 3.1 → master |
---|
comment:2 by , 5 years ago
Resolution: | → needsinfo |
---|---|
Status: | new → closed |
Hi Jordan. Thanks for the idea.
I'm not sure what to say:
How pressing is the need? Do we want to add the additional complexity here to save updating a presumably small list of subdomains that we'd actually redirect to? For those cases that truly need a dynamic wildcard value, should we not prefer recommending a subclass in that case, thereby keeping the API simpler for the vast majority of use-cases? (And so on.)
There's two steps:
allow_wildcards to django.utils.http.url_has_allowed_host_and_scheme()
The handy Compare view.
Can I ask you to propose this on the DevelopersMailingList for a wider audience? Please explain your use-case and hint at answers to the questions here.
If there's consensus there then we can proceed.
Thanks.
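
An added example, not part of the ticket or of Django's code: one way to write the subclass suggested in comment 2, adding only the exact host of the requested redirect to the allowed set so Django's own scheme and host check still runs on the final URL. The names `WildcardRedirectHostsMixin`, `wildcard_match` and `success_url_allowed_host_patterns` are hypothetical; `get_success_url_allowed_hosts()` and `redirect_field_name` are the existing hooks on LoginView and LogoutView.

```python
from urllib.parse import urlsplit


def is_same_domain(host, pattern):
    """ALLOWED_HOSTS-style match: '.example.com' covers example.com and its subdomains."""
    pattern = pattern.lower()
    if pattern.startswith("."):
        # The leading dot is the label boundary: 'evilexample.com' does not match.
        return host.endswith(pattern) or host == pattern[1:]
    return host == pattern  # a bare '*' is deliberately not treated as match-all


def wildcard_match(redirect_url, patterns):
    """Return {netloc} if the URL's host matches a pattern, else an empty set."""
    try:
        parts = urlsplit(redirect_url or "")
        host = parts.hostname  # lowercased, without port or userinfo
    except ValueError:  # e.g. malformed IPv6 literal
        return set()
    # Fail closed on ports, userinfo and backslash tricks: netloc must be the bare host.
    if not host or parts.netloc.lower() != host:
        return set()
    if any(is_same_domain(host, p) for p in patterns):
        return {parts.netloc}
    return set()


class WildcardRedirectHostsMixin:
    """Hypothetical mixin; list it before LoginView or LogoutView in the bases."""

    # Assumed attribute: patterns in ALLOWED_HOSTS leading-dot syntax.
    success_url_allowed_host_patterns = ()

    def get_success_url_allowed_hosts(self):
        allowed = set(super().get_success_url_allowed_hosts())
        # Read the target the same way the auth views do: POST first, then GET.
        target = self.request.POST.get(
            self.redirect_field_name,
            self.request.GET.get(self.redirect_field_name, ""),
        )
        # Only this request's exact host is added, never the pattern itself.
        return allowed | wildcard_match(target, self.success_url_allowed_host_patterns)
```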