Add helper to refer views back to http referers safely
In most cases, we want to return back to where we came from after performing an action. It's not safe to return to an arbitrary referer, so this streamlines using the util validator to verify the redirect and fall back on regular redirect params if the referer is outside our domain.
parent
ded3f469ef
commit
2de115fc1e
3 changed files with 19 additions and 6 deletions
|
@ -2,12 +2,12 @@
|
|||
from bookwyrm.settings import DOMAIN, USE_HTTPS
|
||||
|
||||
|
||||
def validate_url_domain(url, default="/"):
|
||||
def validate_url_domain(url):
|
||||
"""Basic check that the URL starts with the instance domain name"""
|
||||
if not url:
|
||||
return default
|
||||
return None
|
||||
|
||||
if url in ("/", default):
|
||||
if url == "/":
|
||||
return url
|
||||
|
||||
protocol = "https://" if USE_HTTPS else "http://"
|
||||
|
@ -16,4 +16,4 @@ def validate_url_domain(url, default="/"):
|
|||
if url.startswith(origin):
|
||||
return url
|
||||
|
||||
return default
|
||||
return None
|
||||
|
|