diff options
Diffstat (limited to 'core/views/auth.py')
| -rw-r--r-- | core/views/auth.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/core/views/auth.py b/core/views/auth.py index 2257dd0..c4e78de 100644 --- a/core/views/auth.py +++ b/core/views/auth.py @@ -5,7 +5,7 @@ from django.contrib.auth import forms as auth_forms from django.contrib.auth import login, logout from django.contrib.auth.decorators import login_required from django.shortcuts import redirect, render -from django.utils.http import is_safe_url +from django.utils.http import url_has_allowed_host_and_scheme """This enforces the login requirement for non-public pages using the decorator mechanism. @@ -80,7 +80,7 @@ def redirect_after_login(request): nxt = request.GET.get("next", None) if nxt is None: return redirect(settings.LOGIN_REDIRECT_URL) - elif not is_safe_url(url=nxt, allowed_hosts={request.get_host()}, require_https=request.is_secure()): + elif not url_has_allowed_host_and_scheme(url=nxt, allowed_hosts={request.get_host()}, require_https=request.is_secure()): return redirect(settings.LOGIN_REDIRECT_URL) else: return redirect(nxt) |