From da7886d340dd2b622d58313fdfad27dd16a83c1d Mon Sep 17 00:00:00 2001 From: =?utf8?q?Mat=C3=ADas=20Aguirre?= Date: Tue, 6 Sep 2011 20:25:29 -0300 Subject: [PATCH] Switch for sanitize redirect call --- README.rst | 5 +++++ doc/configuration.rst | 5 +++++ social_auth/views.py | 7 +++++-- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/README.rst b/README.rst index 3feeeac..9620066 100644 --- a/README.rst +++ b/README.rst @@ -303,6 +303,11 @@ Configuration _AUTH_EXTRA_ARGUMENTS = {...} +- By default the application doesn't make redirects to different domains, to + disable this behavior:: + + SOCIAL_AUTH_SANITIZE_REDIRECTS = False + ------- Signals diff --git a/doc/configuration.rst b/doc/configuration.rst index 7ed85fb..74144d9 100644 --- a/doc/configuration.rst +++ b/doc/configuration.rst @@ -207,6 +207,11 @@ Configuration _AUTH_EXTRA_ARGUMENTS = {...} +- By default the application doesn't make redirects to different domains, to + disable this behavior:: + + SOCIAL_AUTH_SANITIZE_REDIRECTS = False + .. _Model Manager: http://docs.djangoproject.com/en/dev/topics/db/managers/#managers .. _Login URL: http://docs.djangoproject.com/en/dev/ref/settings/?from=olddocs#login-url diff --git a/social_auth/views.py b/social_auth/views.py index cb32e68..d084fb8 100644 --- a/social_auth/views.py +++ b/social_auth/views.py @@ -40,6 +40,7 @@ BACKEND_ERROR_REDIRECT = _setting('SOCIAL_AUTH_BACKEND_ERROR_URL', LOGIN_ERROR_URL) ERROR_KEY = _setting('SOCIAL_AUTH_BACKEND_ERROR', 'socialauth_backend_error') NAME_KEY = _setting('SOCIAL_AUTH_BACKEND_KEY', 'socialauth_backend_name') +SANITIZE_REDIRECTS = _setting('SOCIAL_AUTH_SANITIZE_REDIRECTS', True) def dsa_view(redirect_name=None): 
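Review bot: `SANITIZE_REDIRECTS` in social_auth/views.py is a security switch, but it is added without a comment among settings that only rename keys and URLs. The second hunk tests it with plain truthiness (`if SANITIZE_REDIRECTS:`), so any falsy configured value, not only `False`, turns off the host check on the redirect target. I would add a comment above the constant such as `# Security: when falsy, the user-supplied redirect target is stored without a same-host check (open-redirect risk).` The README.rst and doc/configuration.rst entries explain how to disable the check and would benefit from the same caveat.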
@@ -134,8 +135,10 @@ def auth_process(request, backend): data = request.POST if request.method == 'POST' else request.GET if REDIRECT_FIELD_NAME in data: # Check and sanitize a user-defined GET/POST redirect_to field value. - redirect = sanitize_redirect(request.get_host(), - data[REDIRECT_FIELD_NAME]) + redirect = data[REDIRECT_FIELD_NAME] + + if SANITIZE_REDIRECTS: + redirect = sanitize_redirect(request.get_host(), redirect) request.session[REDIRECT_FIELD_NAME] = redirect or DEFAULT_REDIRECT if backend.uses_redirect: -- 2.39.5
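Review bot: With `SANITIZE_REDIRECTS` off, `data[REDIRECT_FIELD_NAME]` is taken straight from the request's GET/POST data and written to `request.session[REDIRECT_FIELD_NAME]` with no validation. If that session value later drives the post-login redirect, as it appears to, this is an open redirect; the code that consumes it is outside this hunk. The retained comment `# Check and sanitize a user-defined GET/POST redirect_to field value.` is now true only on the default path and should say so, e.g. `# Sanitize the user-supplied redirect unless SOCIAL_AUTH_SANITIZE_REDIRECTS is disabled (then it is used as given).` If the real need is redirects to a few known domains, checking the target against an allow-list of permitted hosts here would be safer than an all-or-nothing switch. The body of auth_process continues beyond the hunk.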