Refs #26956 -- Removed the host parameter of django.utils.http.is_safe_url().

Per deprecation timeline.

1 files changed, 1 insertions, 11 deletions

diff --git a/django/utils/http.py b/django/utils/http.py
index 07b6ae246a..c13f44602b 100644
--- a/django/utils/http.py
+++ b/django/utils/http.py
@@ -3,7 +3,6 @@ import calendar
 import datetime
 import re
 import unicodedata
-import warnings
 from binascii import Error as BinasciiError
 from email.utils import formatdate
 from urllib.parse import (
@@ -14,7 +13,6 @@ from urllib.parse import (
 
 from django.core.exceptions import TooManyFieldsSent
 from django.utils.datastructures import MultiValueDict
-from django.utils.deprecation import RemovedInDjango21Warning
 from django.utils.encoding import force_bytes
 from django.utils.functional import keep_lazy_text
 
@@ -264,7 +262,7 @@ def is_same_domain(host, pattern):
     )
 
 
-def is_safe_url(url, host=None, allowed_hosts=None, require_https=False):
+def is_safe_url(url, allowed_hosts=None, require_https=False):
     """
     Return ``True`` if the url is a safe redirection (i.e. it doesn't point to
     a different host and uses a safe scheme).
@@ -280,14 +278,6 @@ def is_safe_url(url, host=None, allowed_hosts=None, require_https=False):
         return False
     if allowed_hosts is None:
         allowed_hosts = set()
-    if host:
-        warnings.warn(
-            "The host argument is deprecated, use allowed_hosts instead.",
-            RemovedInDjango21Warning,
-            stacklevel=2,
-        )
-        # Avoid mutating the passed in allowed_hosts.
-        allowed_hosts = allowed_hosts | {host}
     # Chrome treats \ completely as / in paths but it could be part of some
     # basic auth credentials so we need to check both URLs.
     return (_is_safe_url(url, allowed_hosts, require_https=require_https) and