Skip to content

Fixed #21446 – Allowed not performing redirect in set_language view. #1923

Closed
wants to merge 1 commit into from

3 participants

@KrzysiekJ KrzysiekJ Fixed #21446 – Made set_language return 204 status code for AJAX requ…
…ests.

The redirect is still performed if the “next” parameter is present.
13fb400
@timgraham timgraham commented on the diff Jun 5, 2014
docs/releases/1.7.txt
@@ -372,6 +372,9 @@ Internationalization
in the corresponding entry in the PO file, which makes the translation
process easier.
+* :func:`django.views.i18n.set_language` now returns 204 status code for AJAX
@timgraham
Django member
timgraham added a note Jun 5, 2014

needs to be 1.8 now

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@timgraham timgraham commented on the diff Jun 5, 2014
docs/topics/i18n/translation.txt
-* Django looks for a ``next`` parameter in the ``POST`` data.
-* If that doesn't exist, or is empty, Django tries the URL in the
- ``Referrer`` header.
-* If that's empty -- say, if a user's browser suppresses that header --
- then the user will be redirected to ``/`` (the site root) as a fallback.
+After setting the language choice, Django looks for a ``next`` parameter in the
+``POST`` or ``GET`` data. If that is found and Django considers it to be a safe
+URL (i.e. it doesn’t point to a different host and uses a safe scheme), a
+redirect to that URL will be performed. Otherwise, Django may fall back to
+redirecting the user to the URL
+from the ``Referer`` header or, if it is not set, to ``/``, depending on the
+nature of the request:
+
+* For AJAX requests, the fallback will be performed only if the ``next`` parameter
+ was set. Otherwise a 204 status code will be returned.
+* For non-AJAX requests, the fallback will be performed always.
@timgraham
Django member
timgraham added a note Jun 5, 2014

Need a .. versionchanged:: 1.8 with a description of changes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@timgraham timgraham commented on the diff Jun 5, 2014
docs/topics/i18n/translation.txt
@@ -1462,14 +1462,17 @@ saves the language choice in the user's session. Otherwise, it saves the
language choice in a cookie that is by default named ``django_language``.
(The name can be changed through the :setting:`LANGUAGE_COOKIE_NAME` setting.)
-After setting the language choice, Django redirects the user, following this
-algorithm:
-
-* Django looks for a ``next`` parameter in the ``POST`` data.
-* If that doesn't exist, or is empty, Django tries the URL in the
- ``Referrer`` header.
-* If that's empty -- say, if a user's browser suppresses that header --
- then the user will be redirected to ``/`` (the site root) as a fallback.
+After setting the language choice, Django looks for a ``next`` parameter in the
+``POST`` or ``GET`` data. If that is found and Django considers it to be a safe
+URL (i.e. it doesn’t point to a different host and uses a safe scheme), a
+redirect to that URL will be performed. Otherwise, Django may fall back to
+redirecting the user to the URL
@timgraham
Django member
timgraham added a note Jun 5, 2014

odd line break

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@timgraham
Django member

Closing in absence of follow-up, please send a new PR if you can update it, thanks!

@timgraham timgraham closed this Oct 31, 2014
@claudep
Django member
claudep commented Mar 28, 2016

Updated pull request: #6351

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.