[Django] #31764: Add a way to allow subdomain wildcards in the set of allowed hosts for redirects after login/logout

5 views
Skip to first unread message

Django

unread,
Jul 4, 2020, 10:13:08 PM7/4/20
to django-...@googlegroups.com
#31764: Add a way to allow subdomain wildcards in the set of allowed hosts for
redirects after login/logout
----------------------------------------+------------------------
Reporter: jhhayashi | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: 3.1
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 1
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
----------------------------------------+------------------------
The ALLOWED_HOSTS setting allows you to set wildcard subdomains. There is
a success_url_allowed_hosts attribute in the LoginView and LogoutView, but
these don't accept wildcard subdomains. It would be nice to add an option
that allows that.

I have prepared a patch here:
https://github.com/jhhayashi/django/tree/jhh/allow_wildcard_host_redirects

--
Ticket URL: <https://code.djangoproject.com/ticket/31764>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Jul 4, 2020, 10:13:50 PM7/4/20
to django-...@googlegroups.com
#31764: Add a way to allow subdomain wildcards in the set of allowed hosts for
redirects after login/logout
------------------------------+--------------------------------------

Reporter: jhhayashi | Owner: nobody
Type: New feature | Status: new
Component: contrib.auth | Version: master
Severity: Normal | Resolution:

Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
------------------------------+--------------------------------------
Changes (by jhhayashi):

* version: 3.1 => master


--
Ticket URL: <https://code.djangoproject.com/ticket/31764#comment:1>

Django

unread,
Jul 7, 2020, 3:29:36 AM7/7/20
to django-...@googlegroups.com
#31764: Add a way to allow subdomain wildcards in the set of allowed hosts for
redirects after login/logout
--------------------------------+--------------------------------------
Reporter: Jordan Hayashi | Owner: nobody
Type: New feature | Status: closed
Component: contrib.auth | Version: master
Severity: Normal | Resolution: needsinfo

Keywords: | Triage Stage: Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
--------------------------------+--------------------------------------
Changes (by Carlton Gibson):

* status: new => closed
* resolution: => needsinfo


Comment:

Hi Jordan. Thanks for the idea.

I'm not sure what to say:

How pressing is the need? Do we want to add the additional complexity here
to save updating a presumably small list of subdomains that we'd actually
redirect to? For those cases that truly need a dynamic wildcard value,
should we not prefer recommending a subclass in that case? (And so on.)

There's two steps:

* Adding `allow_wildcards` to
`django.utils.http.url_has_allowed_host_and_scheme()`
* And using that in Login/Logout view.

The handy
[https://github.com/django/django/compare/master...jhhayashi:jhh/allow_wildcard_host_redirects
Compare view].

Can I ask you to propose this on the DevelopersMailingList for a wider
audience? Please explain your use-case and hint at answers to the
questions here.
If there's consensus there then we can proceed.
Thanks.

--
Ticket URL: <https://code.djangoproject.com/ticket/31764#comment:2>

Reply all
Reply to author
Forward
0 new messages