0003-django4-access-request-headers-through-request.heade.patch
mellon/middleware.py | ||
---|---|---|
47 | 47 |
if request.headers.get('x-requested-with') == 'XMLHttpRequest': |
48 | 48 |
return |
49 | 49 |
# Skip AJAX and media/script requests, unless mellon_no_passive is False on the view |
50 |
if getattr(view_func, 'mellon_no_passive', True) and 'text/html' not in request.META.get(
|
|
51 |
'HTTP_ACCEPT', ''
|
|
50 |
if getattr(view_func, 'mellon_no_passive', True) and 'text/html' not in request.headers.get(
|
|
51 |
'Accept', ''
|
|
52 | 52 |
): |
53 | 53 |
return |
54 | 54 |
# Skip views asking to be skiped |
mellon/views.py | ||
---|---|---|
722 | 722 |
def sp_logout_request(self, request): |
723 | 723 |
'''Launch a logout request to the identity provider''' |
724 | 724 |
next_url = request.GET.get(REDIRECT_FIELD_NAME) |
725 |
referer = request.META.get('HTTP_REFERER')
|
|
725 |
referer = request.headers.get('Referer')
|
|
726 | 726 |
if not referer or utils.same_origin(referer, request.build_absolute_uri()): |
727 | 727 |
if hasattr(request, 'user') and request.user.is_authenticated: |
728 | 728 |
logout = None |
729 |
- |