1👍
✅
views.py
from urllib.parse import urlparse

from django.conf import settings
from django.contrib.auth.decorators import login_required
from django.http import HttpResponseRedirect
from django.http.request import validate_host
from django.shortcuts import get_object_or_404

from .models import DesignTutorial, Profile  # assumed to live in the app's models.py


@login_required
def designtut_favourite(request, designcat_slug, design_slug):
    user = request.user
    designtut = get_object_or_404(DesignTutorial, slug=design_slug)
    profile = get_object_or_404(Profile, user=user)
    if profile.favourite_design.filter(slug=design_slug).exists():
        profile.favourite_design.remove(designtut)
    else:
        profile.favourite_design.add(designtut)

    # Only bounce back to the Referer if its host is one of ours (same matching
    # rules Django applies to the Host header); anything else lands on "/".
    referer = request.META.get('HTTP_REFERER')
    if referer:
        hostname = urlparse(referer).hostname  # lowercased, no port/userinfo, None if absent
        if hostname and validate_host(hostname, settings.ALLOWED_HOSTS):
            return HttpResponseRedirect(referer)
    return HttpResponseRedirect("/")
It is important to note that blindly redirecting to a site given in the request poses a security risk. Therefore I tried including a check with the ALLOWED_HOSTS. This should redirect to the landing page if there is a None value in it, but also if somebody is lured into a phishing site.
Source:stackexchange.com
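The host comparison is where this kind of check goes wrong, so here is an added example (my own code, not part of the answer or of any Django project) that puts the comparison as posted, `net_location in allowed_host`, next to a hardened version. That expression asks whether the referer's netloc is a substring of an allowed host, so a host such as `ample.com` passes against `example.com`, an empty netloc passes against everything, and a legitimate referer that carries a port is rejected; with a missing header, `urlparse(None)` returns a bytes result and the `in` test raises `TypeError` instead of falling through to "/". The allowlist, the attacker hosts and the referer strings below are constructed for the demonstration, and Django's ALLOWED_HOSTS matching rules are re-implemented with the standard library so the file runs without Django installed.

```python
from urllib.parse import urlparse

# Constructed allowlist in Django's ALLOWED_HOSTS syntax: an exact host, or a
# leading dot for a domain plus all of its subdomains.
ALLOWED_HOSTS = ["example.com", ".shop.example.com"]


def substring_check(referer, allowed_hosts=ALLOWED_HOSTS):
    """The comparison as posted in the answer: `netloc in allowed_host`.

    This tests whether the referer's netloc is a *substring* of a pattern,
    so any host that happens to be a substring of an allowed host passes,
    an empty netloc (relative URL, bare scheme) passes against everything,
    and a legitimate host with a port (host:8443) is rejected.
    """
    net_location = urlparse(referer).netloc
    return any(net_location in allowed_host for allowed_host in allowed_hosts)


def host_allowed(hostname, allowed_hosts=ALLOWED_HOSTS):
    """ALLOWED_HOSTS matching as Django applies it to the Host header,
    re-implemented here with the standard library (assumption: the same
    rules are wanted for the Referer)."""
    hostname = hostname.lower()
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*":
            return True  # wildcard: never pair this with a referer redirect
        if pattern.startswith("."):
            if hostname == pattern[1:] or hostname.endswith(pattern):
                return True
        elif hostname == pattern:
            return True
    return False


def safe_redirect_target(referer, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Return the referer only if it is an absolute http(s) URL whose host is
    allowed; otherwise the fallback. A missing header (None) is handled first."""
    if not referer:
        return fallback
    parsed = urlparse(referer)
    if parsed.scheme not in ("http", "https"):
        return fallback  # rejects javascript:, data: and scheme-relative //host
    hostname = parsed.hostname  # lowercased, port and userinfo stripped, None if absent
    if not hostname or not host_allowed(hostname, allowed_hosts):
        return fallback
    return referer


if __name__ == "__main__":
    # Constructed referers: two legitimate ones, then the kind an attacker
    # would lure a user from (substring host, userinfo trick, bad scheme).
    cases = [
        "https://example.com/designs/",
        "https://example.com:8443/designs/",
        "https://ample.com/phish",
        "https://example.com@evil.net/",
        "javascript:alert(1)",
        None,
    ]
    for ref in cases:
        print(f"{ref!r:42} -> {safe_redirect_target(ref)}")
```

One caveat the allowlist approach inherits from Django: a development `ALLOWED_HOSTS = ['*']` turns this check into an open redirect, because the wildcard matches every referer host, so the redirect should be disabled or pinned to `request.get_host()` when the wildcard is in use.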