You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Is your feature request related to a problem? Please describe.
Since version 0.8, response.redirect() function automatically escape URLs without the option to bypass it. Specifically, I am referring to this line:
# URL Quote the URL before redirectingsafe_to=quote_plus(to, safe=":/#?&=@[]!$&'()*+,;")
I am using a library: sanic-oauth which returns a redirect already quoted. When doing so with 0.8, it resulted in double quoting and thus failing.
As a workaround, I have to write my own redirect function which skip the URL quoting.
Describe the solution you'd like
What I would like to see is, perhaps, an optional argument in the function which allows you to bypass the quote. Something like this:
defredirect(to, headers=None, status=302,
content_type="text/html; charset=utf-8", quote_url=True):
"""Abort execution and cause a 302 redirect (by default). :param to: path or fully qualified URL to redirect to :param headers: optional dict of headers to include in the new request :param status: status code (int) of the new request, defaults to 302 :param content_type: the content type (string) of the response :returns: the redirecting Response """headers=headersor {}
# URL Quote the URL before redirectingifquote_url:
safe_to=quote_plus(to, safe=":/#?&=@[]!$&'()*+,;")
else:
safe_to=to# According to RFC 7231, a relative URI is now permitted.headers['Location'] =safe_toreturnHTTPResponse(
status=status,
headers=headers,
content_type=content_type)
such that I won’t have to write my own redirect method for this one use case.
The text was updated successfully, but these errors were encountered:
smlbiobot
changed the title
Add optional argument to bypass safe quoting in response.redirect()
Add optional argument to bypass safe URL quoting in response.redirect()
Nov 7, 2018
Well, this is a tricky one. In one hand, I would like to say that plugin authors should rely on Sanic to provide the means to redirect URLs without the need to quote their string.
In the other hand, I may need to build my URL with some other encodings (such as base64) which is already safe to use, and Sanic does not provide a function to encode / decode a given URL (for Sanic plugin authors and that's why they end up having to encode by their own).
Two possible solutions:
Make quote / unquote a function inside Sanic so plugin authors can rely on them to properly encode / decode URLs - better in the long term in my opinion; or
Add the proposed flag to the redirect function - this can fix this particular issue but in the long term will end up not solving the root problem of this issue.
I have been mulling this one over in my head and had not posted my thoughts because I am not 100% sure I have fully formed an opinion.
Yes, I see how this could be needed ... But it seems a narrowly needed flag to add. It seems like there should be another way. I had thought about what if safe was something that could be passed. I think this is probably not sufficient.
Given the options @vltr mentioned, I would lean towards number 1.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If this is incorrect, please respond with an update. Thank you for your contributions.
Is your feature request related to a problem? Please describe.
Since version 0.8,
response.redirect()
function automatically escape URLs without the option to bypass it. Specifically, I am referring to this line:https://github.com/huge-success/sanic/blob/master/sanic/response.py#L413
I am using a library: sanic-oauth which returns a redirect already quoted. When doing so with 0.8, it resulted in double quoting and thus failing.
As a workaround, I have to write my own redirect function which skip the URL quoting.
Describe the solution you'd like
What I would like to see is, perhaps, an optional argument in the function which allows you to bypass the quote. Something like this:
such that I won’t have to write my own redirect method for this one use case.
The text was updated successfully, but these errors were encountered: