<uppercase backend name>_AUTH_EXTRA_ARGUMENTS = {...}
+- By default the application doesn't make redirects to different domains, to
+ disable this behavior::
+
+ SOCIAL_AUTH_SANITIZE_REDIRECTS = False
+
-------
Signals
<uppercase backend name>_AUTH_EXTRA_ARGUMENTS = {...}
+- By default the application doesn't make redirects to different domains, to
+ disable this behavior::
+
+ SOCIAL_AUTH_SANITIZE_REDIRECTS = False
+
.. _Model Manager: http://docs.djangoproject.com/en/dev/topics/db/managers/#managers
.. _Login URL: http://docs.djangoproject.com/en/dev/ref/settings/?from=olddocs#login-url
LOGIN_ERROR_URL)
ERROR_KEY = _setting('SOCIAL_AUTH_BACKEND_ERROR', 'socialauth_backend_error')
NAME_KEY = _setting('SOCIAL_AUTH_BACKEND_KEY', 'socialauth_backend_name')
+SANITIZE_REDIRECTS = _setting('SOCIAL_AUTH_SANITIZE_REDIRECTS', True)
def dsa_view(redirect_name=None):
data = request.POST if request.method == 'POST' else request.GET
if REDIRECT_FIELD_NAME in data:
# Check and sanitize a user-defined GET/POST redirect_to field value.
- redirect = sanitize_redirect(request.get_host(),
- data[REDIRECT_FIELD_NAME])
+ redirect = data[REDIRECT_FIELD_NAME]
+
+ if SANITIZE_REDIRECTS:
+ redirect = sanitize_redirect(request.get_host(), redirect)
request.session[REDIRECT_FIELD_NAME] = redirect or DEFAULT_REDIRECT
if backend.uses_redirect:
projects / django-social-auth.git / commitdiff