During development, our Django backend runs at http://localhost:8000/ while the frontend is at http://localhost:5173/.
The following host verification code restricts the redirect to the current request's host.
|
url_is_safe = url_has_allowed_host_and_scheme( |
|
url=redirect_to, |
|
allowed_hosts=[request.get_host()], |
|
require_https=request.is_secure(), |
|
) |
|
redirect_to = redirect_to if url_is_safe else '/' |
Could it be possible to merge in Django's ALLOWED_HOSTS setting so we can redirect them back to the original client that may be at a different host?
During development, our Django backend runs at
http://localhost:8000/while the frontend is athttp://localhost:5173/.The following host verification code restricts the redirect to the current request's host.
django-auth-adfs/django_auth_adfs/views.py
Lines 54 to 59 in 9415d8a
Could it be possible to merge in Django's ALLOWED_HOSTS setting so we can redirect them back to the original client that may be at a different host?