django4: access request headers through request.headers instead of request.META (#68571)
This commit is contained in:
parent
7050da2320
commit
98783c8574
|
@ -47,8 +47,8 @@ class PassiveAuthenticationMiddleware(MiddlewareMixin):
|
|||
if request.headers.get('x-requested-with') == 'XMLHttpRequest':
|
||||
return
|
||||
# Skip AJAX and media/script requests, unless mellon_no_passive is False on the view
|
||||
if getattr(view_func, 'mellon_no_passive', True) and 'text/html' not in request.META.get(
|
||||
'HTTP_ACCEPT', ''
|
||||
if getattr(view_func, 'mellon_no_passive', True) and 'text/html' not in request.headers.get(
|
||||
'Accept', ''
|
||||
):
|
||||
return
|
||||
# Skip views asking to be skiped
|
||||
|
|
|
@ -722,7 +722,7 @@ class LogoutView(ProfileMixin, LogMixin, View):
|
|||
def sp_logout_request(self, request):
|
||||
'''Launch a logout request to the identity provider'''
|
||||
next_url = request.GET.get(REDIRECT_FIELD_NAME)
|
||||
referer = request.META.get('HTTP_REFERER')
|
||||
referer = request.headers.get('Referer')
|
||||
if not referer or utils.same_origin(referer, request.build_absolute_uri()):
|
||||
if hasattr(request, 'user') and request.user.is_authenticated:
|
||||
logout = None
|
||||
|
|
Loading…
Reference in New Issue