Source code for api.security

from urllib.parse import urljoin
from urllib.parse import urlparse

from flask import request


# from https://security.openstack.org/guidelines/dg_avoid-unvalidated-redirects.html
[docs]def is_safe_redirect_url(target): """ Corresponds to Djangos is_safe_url Args: target (String): url Returns ------- bool """ host_url = urlparse(request.host_url) redirect_url = urlparse(urljoin(request.host_url, target)) return ( redirect_url.scheme in ("http", "https") and host_url.netloc == redirect_url.netloc )
[docs]def get_safe_redirect(url): """ Returns url for root path if url not safe Args: url (String): url Returns ------- url or root page """ if url and is_safe_redirect_url(url): return url url = request.referrer if url and is_safe_redirect_url(url): return url return "/"