
DisallowedRedirect (Unsafe redirect to URL with protocol) Django

I am getting a DisallowedRedirect error when I am logging a user in. The two views are:

def login(request):
    c={}
    c.update(csrf(request))
    form=LoginForm()
    errors=()
    c['form']=form
    c['errors']=errors
    return render(request,'news/login.html',c)

def auth_view(request):
    username=request.POST.get('username','')
    password=request.POST.get('password','')
    user=auth.authenticate(username=username,password=password)
    if user is not None:
        auth.login(request,user)
        return HttpResponseRedirect('news:home',request)
    else:
        form=LoginForm()
        errors=('Invalid Username or Password',)
        return render(request,'news/login.html', {'form':form,'errors':errors})

Instead of

return HttpResponseRedirect('news:home',request)

use this:

return HttpResponseRedirect(reverse('news:home'))

or

return redirect('news:home')

or

return redirect(reverse('news:home'))

HttpResponseRedirect.allowed_schemes.append('news')

In addition to the current answers, if you want to redirect to a custom scheme, you can use the following code:

class CustomSchemeRedirect(HttpResponsePermanentRedirect):
    allowed_schemes = ['tg']


def redirect(request):
    return CustomSchemeRedirect('tg://resolve?domain=durov')

Make sure that when you get this error you have the correct scheme supplied in front of your URL. By default the django.http.HttpResponseRedirect does not allow redirects to URLs that don't start with one of the following schemes:

  • http
  • https
  • ftp

So if the URL you supply is, for example, localhost:8000 make sure you change it to http://localhost:8000 to get it to work.
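The scheme check behind this error can be reproduced with the standard library alone. The following is an added example, not code from the question or any of the answers: `check_redirect` and `classify` are hypothetical helpers that approximate Django's behaviour, and `/news/` is an assumed result of `reverse('news:home')`.

```python
from urllib.parse import urlsplit

# Default schemes listed in the answer above.
DEFAULT_SCHEMES = ("http", "https", "ftp")


class DisallowedRedirect(Exception):
    """Local stand-in for django.core.exceptions.DisallowedRedirect."""


def check_redirect(url, allowed_schemes=DEFAULT_SCHEMES):
    """Return the parsed scheme ('' for a relative URL) or raise.

    Approximation of the redirect check: whatever precedes the first ':'
    and parses as a scheme must be on the allowlist.
    """
    scheme = urlsplit(url).scheme
    if scheme and scheme not in allowed_schemes:
        raise DisallowedRedirect(
            f"Unsafe redirect to URL with protocol '{scheme}'")
    return scheme


def classify(urls, allowed_schemes=DEFAULT_SCHEMES):
    """Map each URL to 'ok' or 'blocked:<scheme>'."""
    results = {}
    for url in urls:
        try:
            check_redirect(url, allowed_schemes)
            results[url] = "ok"
        except DisallowedRedirect:
            results[url] = "blocked:" + urlsplit(url).scheme
    return results


# Constructed sample inputs based on the cases discussed on this page.
SAMPLES = [
    "news:home",                  # URL name passed unreversed: scheme 'news'
    "localhost:8000",             # missing http://: scheme 'localhost'
    "http://localhost:8000",      # explicit allowed scheme
    "/news/",                     # relative path, no scheme (assumed reverse() result)
    "tg://resolve?domain=durov",  # custom scheme, blocked by default
]

if __name__ == "__main__":
    for url, verdict in classify(SAMPLES).items():
        print(f"{verdict:18} {url}")
    # Models a subclass whose allowed_schemes is ['tg'] only.
    print(classify(["tg://resolve?domain=durov", "http://localhost:8000"], ("tg",)))
```

A subclass that sets `allowed_schemes = ['tg']` replaces the list for that response class only, so it accepts `tg:` and rejects `http:`, while every other redirect in the project keeps the default allowlist.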

Don't forget that apart from enabling the redirect, nowadays Safari won't open your redirected deep links unless you do the work outlined here: https://developer.apple.com/documentation/xcode/supporting-associated-domains

  1. Add the URL path into your Django app:
path('.well-known/apple-app-site-association', views.web.links.appleAppSiteAssociation, name='.well-known/apple-app-site-association'),
  2. The view should return a JSON response:

def appleAppSiteAssociation(request_):
   """
   Tell Apple that certain URL patterns can open the app
   :param request_:
   :return:
   """
   json = {
     "applinks": {
         "details": [
              {
                "appIDs": ["MY.APP.BUNDLEID"],
                "components": [
                  {
                     "#": "no_universal_links",
                     "exclude": True,
                     "comment": "Matches any URL whose fragment equals no_universal_links and instructs the system not to open it as a universal link"
                  },
                  {
                     "/": "/dataUrl=*",
                     "comment": "Matches any URL whose path starts with /dataUrl="
                  },

                ]
              }
          ]
      },
      "webcredentials": {
         "apps": ["MY.APP.BUNDLEID"]
      },
   }

   return JsonResponse(json)
  3. Add the webcredentials:MYPROTOCOL into the Associated Domains in Xcode
