url_for() usage is like : return redirect(url_for('auth.login'))
this will get you the url for auth.login()
2.if the SECURITY_UNAUTHORIZED_VIEW is set right.
e.g.
SECURITY_UNAUTHORIZED_VIEW = 'auth.login'
view = utils.get_url(utils.config_value('UNAUTHORIZED_VIEW')) will set view = "/login" with is the URL of the login page correspond to the 'auth.login' endpoint
THEN, everything went wrong here~!!!
url_for() can not use "/login" as input to process, since it is already processed by url_for() once!! It will always raise error~!!
So , the code runs to except BuildError: view = None
Finally, end up with view = None
So.. the redirect torequest.referrer or '/' forever~!!!!
1.From the FLASK docs:
this will get you the url for auth.login()
2.if the SECURITY_UNAUTHORIZED_VIEW is set right. e.g.
view = utils.get_url(utils.config_value('UNAUTHORIZED_VIEW'))
will setview = "/login"
with is the URL of the login page correspond to the 'auth.login' endpointAnd since view = "/login" is just a
STRING
, not a callable(). it will go toTHEN, everything went wrong here~!!!
url_for()
can not use "/login" as input to process, since it is already processed by url_for() once!! It will always raise error~!!So , the code runs to
except BuildError: view = None
Finally, end up withview = None
So.. the redirect to
request.referrer or '/'
forever~!!!!_Originally posted by @odinms in https://github.com/mattupstate/flask-security/issue_comments#issuecomment-448192001_