RedirectURLMixin
This class provides logic for handling URL redirections by retrieving and validating a target URL from request parameters or a default setting. It ensures security by verifying that the redirect URL uses an allowed host and scheme before returning it. The mixin is designed to be used within class-based views to manage post-action navigation consistently.
Attributes
| Attribute | Type | Description |
|---|---|---|
| next_page | string = None | The default URL or named URL pattern to redirect to if no valid redirect URL is found in the request. |
| redirect_field_name | string = REDIRECT_FIELD_NAME | The name of the query parameter or form field that contains the URL for post-login or post-action redirection. |
| success_url_allowed_hosts | set = set() | A set of additional hostnames that are considered safe for redirects to prevent open redirect vulnerabilities. |
Methods
get_success_url()
@classmethod
def get_success_url() - > string
Determines the final destination URL by attempting to retrieve a user-provided redirect URL before falling back to the default URL.
Returns
| Type | Description |
|---|---|
string | The validated redirect URL or the configured default success URL. |
get_redirect_url()
@classmethod
def get_redirect_url(
request: [HttpRequest](../../../http/request/httprequest.md?sid=django_http_request_httprequest) = null
) - > string
Return the user-originating redirect URL if it's safe.
Parameters
| Name | Type | Description |
|---|---|---|
| request | [HttpRequest](../../../http/request/httprequest.md?sid=django_http_request_httprequest) = null | The current HTTP request object used to extract redirect parameters and validate host safety. |
Returns
| Type | Description |
|---|---|
string | The sanitized redirect URL from the request parameters if it passes safety checks, otherwise an empty string. |
get_success_url_allowed_hosts()
@classmethod
def get_success_url_allowed_hosts(
request: [HttpRequest](../../../http/request/httprequest.md?sid=django_http_request_httprequest) = null
) - > set
Constructs a set of permitted hostnames for URL validation, including the current request host and any explicitly defined allowed hosts.
Parameters
| Name | Type | Description |
|---|---|---|
| request | [HttpRequest](../../../http/request/httprequest.md?sid=django_http_request_httprequest) = null | The current HTTP request used to identify the host currently being accessed. |
Returns
| Type | Description |
|---|---|
set | A set of strings representing the hostnames considered safe for redirection. |
get_default_redirect_url()
@classmethod
def get_default_redirect_url() - > string
Return the default redirect URL.
Returns
| Type | Description |
|---|---|
string | The resolved URL string defined in the next_page attribute. |