def validate_redirect(self, redirect_to):
    """Reject a redirect target whose URI scheme is missing or not allow-listed.

    Only the scheme is inspected. The host, path and query of
    ``redirect_to`` are not constrained here, so this check alone does not
    restrict which host the redirect points at.

    Args:
        redirect_to: Redirect target; converted with ``str()`` before parsing.

    Raises:
        DisallowedRedirect: If the target has no scheme, or its scheme is
            not in ``self.allowed_schemes``.
    """
    # urlparse() lower-cases the scheme, so the comparison below is
    # effectively case-insensitive as long as the allow-list is lower-case.
    scheme = urlparse(str(redirect_to)).scheme

    # Relative and scheme-relative ("//host/path") targets have no scheme.
    if not scheme:
        raise DisallowedRedirect("OAuth2 redirects require a URI scheme.")

    # NOTE(review): `in` is a substring test when allowed_schemes is a str;
    # presumably it is a list/tuple/set of scheme names -- confirm.
    if scheme in self.allowed_schemes:
        return

    raise DisallowedRedirect(
        "Redirect to scheme {!r} is not permitted".format(scheme)
    )
def __init__(self, redirect_to, *args, **kwargs):
    """Create the redirect response after checking the target's URI scheme.

    The scheme check runs first, so a refused target never reaches the base
    initialiser or the ``Location`` header. A target without a scheme
    (relative, or scheme-relative ``//host/path``) is accepted as-is; only
    the scheme is checked, never the host.

    Args:
        redirect_to: Redirect target; coerced with ``force_text()`` for
            parsing and passed through ``iri_to_uri()`` for the header.
        *args: Forwarded to the base initialiser.
        **kwargs: Forwarded to the base initialiser.

    Raises:
        DisallowedRedirect: If the target names a scheme that is not in
            ``self.allowed_schemes``.
    """
    scheme = urlparse(force_text(redirect_to)).scheme
    scheme_permitted = not scheme or scheme in self.allowed_schemes
    if not scheme_permitted:
        raise DisallowedRedirect(
            "Unsafe redirect to URL with protocol '%s'" % scheme
        )

    super(HttpResponseRedirectBase, self).__init__(*args, **kwargs)
    self['Location'] = iri_to_uri(redirect_to)
def __init__(self, redirect_to, *args, **kwargs):
    """Create the redirect response and refuse targets with a disallowed scheme.

    The ``Location`` header is assigned before the scheme check. A refused
    target raises out of ``__init__``, so the caller never receives the
    partially built response. A target without a scheme (relative, or
    scheme-relative ``//host/path``) is accepted; only the scheme is
    checked, never the host.

    Args:
        redirect_to: Redirect target; converted with ``str()`` for parsing
            and passed through ``iri_to_uri()`` for the header.
        *args: Forwarded to the base initialiser.
        **kwargs: Forwarded to the base initialiser.

    Raises:
        DisallowedRedirect: If the target names a scheme that is not in
            ``self.allowed_schemes``.
    """
    super().__init__(*args, **kwargs)
    self["Location"] = iri_to_uri(redirect_to)

    scheme = urlparse(str(redirect_to)).scheme
    scheme_permitted = not scheme or scheme in self.allowed_schemes
    if not scheme_permitted:
        raise DisallowedRedirect(
            "Unsafe redirect to URL with protocol '%s'" % scheme
        )
def __init__(self, redirect_to, allowed_schemes=None, *args, **kwargs):
    """Create the redirect response, optionally checking the target's scheme.

    NOTE(review): with the default ``allowed_schemes=None`` no scheme check
    runs at all, so whatever scheme ``redirect_to`` carries is written to
    the ``Location`` header. Call sites that handle untrusted targets should
    pass an explicit allow-list -- confirm that they do.

    When an allow-list is given, a target without a scheme is still
    accepted, and only the scheme is checked, never the host.

    Args:
        redirect_to: Redirect target; converted with ``str()`` for parsing
            and passed through ``iri_to_uri()`` for the header.
        allowed_schemes: Container of permitted scheme names, or ``None``
            to skip the check. An empty container refuses every explicit
            scheme.
        *args: Forwarded to the base initialiser.
        **kwargs: Forwarded to the base initialiser.

    Raises:
        DisallowedRedirect: If an allow-list was given and the target names
            a scheme that is not in it.
    """
    super().__init__(*args, **kwargs)
    self['Location'] = iri_to_uri(redirect_to)

    # No allow-list supplied: validation is skipped entirely.
    if allowed_schemes is None:
        return

    scheme = urlparse(str(redirect_to)).scheme
    # NOTE(review): `in` is a substring test if allowed_schemes is a str;
    # presumably callers pass a list/tuple/set -- confirm.
    if scheme and scheme not in allowed_schemes:
        raise DisallowedRedirect(
            "Unsafe redirect to URL with protocol '%s'" % scheme
        )
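def get_next_redirect_url(self, request: HttpRequest) -> Optional[str]:
    """Return the next-redirect URL if its host passes the ALLOWED_HOSTS check.

    An authenticated user on the request is logged out first via
    ``self.logout``. The candidate URL comes from
    ``get_social_next_from_referer_url(request)`` and is made absolute with
    ``build_absolute_uri`` before its host is validated.

    Only the host part is validated; the scheme, path and query of the
    resulting URL are not checked here.

    NOTE(review): if ``validate_host`` is Django's
    ``django.http.request.validate_host``, a ``"*"`` entry in
    ``settings.ALLOWED_HOSTS`` matches every host and this check then
    accepts any redirect target -- confirm the deployed setting.

    Args:
        request: The incoming request.

    Returns:
        The absolute redirect URL. The visible code never returns ``None``:
        it returns the URL or raises.

    Raises:
        DisallowedRedirect: If the URL has no host, or its host is not
            accepted by ``validate_host`` for ``settings.ALLOWED_HOSTS``.
    """
    user = getattr(request, 'user', None)
    # getattr() falls back to None when the request has no ``user``
    # attribute; guard it so that case does not fail with AttributeError
    # before the redirect target is ever validated.
    if user is not None and user.is_authenticated:
        self.logout(request)

    next_url = get_social_next_from_referer_url(request)
    next_url = build_absolute_uri(request, next_url)

    host = urlparse(next_url).netloc
    domain, _port = split_domain_port(host)

    # Fail closed: an empty domain or a host outside ALLOWED_HOSTS is refused.
    if domain and validate_host(domain, settings.ALLOWED_HOSTS):
        return next_url

    # NOTE(review): the message embeds the full URL, query string included;
    # check where this exception is logged if the URL can carry tokens.
    raise DisallowedRedirect("Attempted access from '%s' denied." % next_url)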