Fund: Allow additional trusted hosts during callback redirect

Allow additional trusted hosts during callback redirect

1 month ago

👍

During development, our Django backend runs at http://localhost:8000/ while the frontend is at http://localhost:5173/.

The following host verification code restricts the redirect to the current request's host.

django-auth-adfs/django_auth_adfs/views.py

Lines 54 to 59 in 9415d8a

    
           url_is_safe = url_has_allowed_host_and_scheme( 
        
               url=redirect_to, 
        
               allowed_hosts=[request.get_host()], 
        
               require_https=request.is_secure(), 
        
           ) 
        
           redirect_to = redirect_to if url_is_safe else '/'

Could it be possible to merge in Django's ALLOWED_HOSTS setting so we can redirect them back to the original client that may be at a different host?

snok/django-auth-adfs

Allow additional trusted hosts during callback redirect

How does funding with Polar work?

Backer

Contributor

Maintainer

	url_is_safe = url_has_allowed_host_and_scheme(
	url=redirect_to,
	allowed_hosts=[request.get_host()],
	require_https=request.is_secure(),
	)
	redirect_to = redirect_to if url_is_safe else '/'

snok/django-auth-adfs

Allow additional trusted hosts during callback redirect

How does funding with Polar work?

Backer

Why does "Fund on completion" require GitHub login?

When is the invoice due for "Fund on completion"?

What happens if the issue is never completed?

Do I get any extra benefits by funding?

Do I get progress updates?

Contributor

Do I get a reward?

Is rewards guaranteed?

Maintainer

How can I get funding like this for my open source initiatives?