Django appends /None to the URL



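I am building the logic for users to save a post as a favourite. I have finished building it, but when I head to the URL http://127.0.0.1:8000/design/ui-ux/learn-ui-the-easy-way/save/, it automatically refreshes itself and now appends None to the URL, like http://127.0.0.1:8000/design/ui-ux/learn-ui-the-easy-way/save/None, which is not what I expected.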

views.py

@login_required
def designtut_favourite(request, designcat_slug, design_slug):
    user = request.user
    designtut = DesignTutorial.objects.get(slug=design_slug)
    profile = Profile.objects.get(user=user)
    if profile.favourite_design.filter(slug=design_slug).exists():
        profile.favourite_design.remove(designtut)
    else:
        profile.favourite_design.add(designtut)
    # META.get() returns None when the request carries no Referer header,
    # and the redirect target then becomes the relative URL "None".
    return HttpResponseRedirect(request.META.get('HTTP_REFERER'))

models.py

class Profile(models.Model):
    user = models.OneToOneField(User, on_delete=models.CASCADE)
    favourite_design = models.ManyToManyField(DesignTutorial)

urls.py

path('design/<designcat_slug>/<design_slug>/save/', views.designtut_favourite, name="design-save"),

template.html

<a href="{% url 'base:design-save' designtut.designcat.slug designtut.slug %}"><i class="fas fa-heart"></i><span>Save</span></a>

views.py

from urllib.parse import urlparse

from django.conf import settings
from django.contrib.auth.decorators import login_required
from django.http import HttpResponseRedirect

@login_required
def designtut_favourite(request, designcat_slug, design_slug):
    user = request.user
    designtut = DesignTutorial.objects.get(slug=design_slug)
    profile = Profile.objects.get(user=user)
    if profile.favourite_design.filter(slug=design_slug).exists():
        profile.favourite_design.remove(designtut)
    else:
        profile.favourite_design.add(designtut)
    # The Referer header is optional; fall back to "" so urlparse() gets a str.
    referer = request.META.get('HTTP_REFERER') or ''
    # Compare the host name exactly (hostname drops the port), not by substring.
    if urlparse(referer).hostname in settings.ALLOWED_HOSTS:
        return HttpResponseRedirect(referer)
    return HttpResponseRedirect("/")

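Note that blindly redirecting to a site given in the request is a security risk. That is why I tried checking it against ALLOWED_HOSTS. This should redirect to the landing page if it has a None value, but also if someone was lured to a phishing site.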
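
The Referer host check from the answer above, written as a standalone function so its edge cases can be exercised without a running Django project. This is an added example, not code from the original answer; `safe_redirect_target`, `ALLOWED` and the sample URLs are constructed for illustration, and exact host names (no wildcard entries) are assumed.

```python
from urllib.parse import urlsplit


def safe_redirect_target(referer, allowed_hosts, fallback="/"):
    """Return referer if it is an http(s) URL on an allowed host, else fallback.

    referer is the raw Referer header value, or None when the header is absent.
    allowed_hosts holds exact host names (no wildcard entries).
    """
    if not referer:
        # Header missing or empty: the case that produced ".../save/None".
        return fallback
    if "\\" in referer or any(ord(ch) < 0x21 for ch in referer):
        # Browsers treat "\" like "/" and strip some whitespace, so such a
        # value may be parsed differently here than by the client.
        return fallback
    try:
        parts = urlsplit(referer)
        host = parts.hostname  # lower-cased, without port or userinfo
    except ValueError:  # e.g. unbalanced "[" in the host part
        return fallback
    if parts.scheme not in ("http", "https") or host is None:
        return fallback
    # Exact match: a substring test would accept "ample.com" for "example.com".
    if host not in {h.lower() for h in allowed_hosts}:
        return fallback
    return referer


# Constructed sample values, not taken from the page.
ALLOWED = ["127.0.0.1", "example.com"]
SAMPLES = [
    None,                                   # no Referer header
    "http://127.0.0.1:8000/design/ui-ux/",  # allowed host with a port
    "http://ample.com/",                    # substring of an allowed host
    "https://example.com@evil.test/",       # allowed name only in userinfo
    "//evil.test/x",                        # scheme-relative URL
    "ftp://example.com/f",                  # allowed host, wrong scheme
]

if __name__ == "__main__":
    for value in SAMPLES:
        print(repr(value), "->", safe_redirect_target(value, ALLOWED))
```

Inside a Django project, `django.utils.http.url_has_allowed_host_and_scheme` performs this kind of validation and can be used in place of a hand-written check.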
