diff options
| author | Nick Pope <nick.pope@flightdataservices.com> | 2018-03-12 15:48:46 +0000 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2018-04-19 10:21:24 -0400 |
| commit | df90e462d91d3a77aa89b69d791bf17c2bf7ff9b (patch) | |
| tree | 5e154830e7ecac46e1faa47ff0e7ab3ff96ff701 /docs/topics/auth/default.txt | |
| parent | c2598a6f4d3ddaf27e9d6d240e7efe664504d6ad (diff) | |
Fixed #29212 -- Doc'd redirect loop if @permission_required used with redirect_authenticated_user.
Diffstat (limited to 'docs/topics/auth/default.txt')
| -rw-r--r-- | docs/topics/auth/default.txt | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/docs/topics/auth/default.txt b/docs/topics/auth/default.txt index 3d9317f8f6..9f864c64d7 100644 --- a/docs/topics/auth/default.txt +++ b/docs/topics/auth/default.txt @@ -712,6 +712,10 @@ The ``permission_required`` decorator def my_view(request): ... + This also avoids a redirect loop when :class:`.LoginView`'s + ``redirect_authenticated_user=True`` and the logged-in user doesn't have + all of the required permissions. + .. currentmodule:: django.contrib.auth.mixins The ``PermissionRequiredMixin`` mixin @@ -981,6 +985,10 @@ implementation details see :ref:`using-the-views`. <https://robinlinus.github.io/socialmedia-leak/>`_" information leakage, host all images and your favicon on a separate domain. + Enabling ``redirect_authenticated_user`` can also result in a redirect + loop when using the :func:`.permission_required` decorator + unless the ``raise_exception`` parameter is used. + * ``success_url_allowed_hosts``: A :class:`set` of hosts, in addition to :meth:`request.get_host() <django.http.HttpRequest.get_host>`, that are safe for redirecting after login. Defaults to an empty :class:`set`. |