Browse Source

Merge "django22: Call 'is_safe_url' with 'allowed_hosts'"

tags/16.0.0.0b2
Zuul 1 week ago
parent
commit
cfb907f803
1 changed files with 3 additions and 3 deletions
  1. 3
    3
      openstack_auth/views.py

+ 3
- 3
openstack_auth/views.py View File

@@ -237,7 +237,7 @@ def switch(request, tenant_id, redirect_field_name=auth.REDIRECT_FIELD_NAME):
237 237
     # Ensure the user-originating redirection url is safe.
238 238
     # Taken from django.contrib.auth.views.login()
239 239
     redirect_to = request.GET.get(redirect_field_name, '')
240
-    if not is_safe_url(url=redirect_to, host=request.get_host()):
240
+    if not is_safe_url(url=redirect_to, allowed_hosts=[request.get_host()]):
241 241
         redirect_to = settings.LOGIN_REDIRECT_URL
242 242
 
243 243
     if auth_ref:
@@ -270,7 +270,7 @@ def switch_region(request, region_name,
270 270
                   region_name, request.user.username)
271 271
 
272 272
     redirect_to = request.GET.get(redirect_field_name, '')
273
-    if not is_safe_url(url=redirect_to, host=request.get_host()):
273
+    if not is_safe_url(url=redirect_to, allowed_hosts=[request.get_host()]):
274 274
         redirect_to = settings.LOGIN_REDIRECT_URL
275 275
 
276 276
     response = shortcuts.redirect(redirect_to)
@@ -299,7 +299,7 @@ def switch_keystone_provider(request, keystone_provider=None,
299 299
         raise exceptions.KeystoneAuthException(msg)
300 300
 
301 301
     redirect_to = request.GET.get(redirect_field_name, '')
302
-    if not is_safe_url(url=redirect_to, host=request.get_host()):
302
+    if not is_safe_url(url=redirect_to, allowed_hosts=[request.get_host()]):
303 303
         redirect_to = settings.LOGIN_REDIRECT_URL
304 304
 
305 305
     unscoped_auth_ref = None

Loading…
Cancel
Save