DisallowedRedirect is a class within the django.core.exceptions module of the Django project.
django-oauth-toolkit (project website and PyPI package information) is a code library for adding and handling OAuth2 flows within your Django web application and API.
The django-oauth-toolkit project is open sourced under the FreeBSD license and it is maintained by the developer community group Jazzband.
django-oauth-toolkit / oauth2_provider / http.py
# http.py
from urllib.parse import urlparse
from django.core.exceptions import DisallowedRedirect
from django.http import HttpResponse
from django.utils.encoding import iri_to_uri
class OAuth2ResponseRedirect(HttpResponse):
status_code = 302
def __init__(self, redirect_to, allowed_schemes, *args, **kwargs):
super().__init__(*args, **kwargs)
self["Location"] = iri_to_uri(redirect_to)
self.allowed_schemes = allowed_schemes
self.validate_redirect(redirect_to)
@property
def url(self):
return self["Location"]
def validate_redirect(self, redirect_to):
parsed = urlparse(str(redirect_to))
if not parsed.scheme:
raise DisallowedRedirect("OAuth2 redirects require a URI scheme.")
if parsed.scheme not in self.allowed_schemes:
raise DisallowedRedirect(
"Redirect to scheme {!r} is not permitted".format(parsed.scheme)
)
## ... source file continues with no further DisallowedRedirect examples...