Allow additional trusted hosts during callback redirect #355

Description

@axieum

During development, our Django backend runs at http://localhost:8000/ while the frontend is at http://localhost:5173/.

The following host verification code restricts the redirect to the current request's host.

    url_is_safe = url_has_allowed_host_and_scheme(
        url=redirect_to,
        allowed_hosts=[request.get_host()],
        require_https=request.is_secure(),
    )
    redirect_to = redirect_to if url_is_safe else '/'

Could it be possible to merge in Django's ALLOWED_HOSTS setting so we can redirect them back to the original client that may be at a different host?
