Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

do_auth is not merging request data #844

Open
sultaniman opened this issue Oct 27, 2023 · 0 comments
Open

do_auth is not merging request data #844

sultaniman opened this issue Oct 27, 2023 · 0 comments

Comments

@sultaniman
Copy link

sultaniman commented Oct 27, 2023
edited

Hey,

I wondering why backend.strategy.request_data(merge=False) for do_auth call?

social-core/social_core/actions.py

Lines 12 to 14 in 9995648

def do_auth(backend, redirect_name="next"):
# Save any defined next value into session
data = backend.strategy.request_data(merge=False)

For example real world applications might use forms POST requests and also in form action might supply query parameters and in this case merge=False for Django strategy will only take POST variables thus unintentionally breaking redirect part or other stages of authentication

<form action="login/facebook?next=/profile">
     {% csrf_token %}
    <button>Login</button>
</form>

Should there be a configuration option to merge POST and GET by default?

Thanks.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@sultaniman