#36413: Add delayed_redirect() shortcut for HTML-based client-side redirection
-------------------------------------+-------------------------------------
Reporter: Mobin Ghaemi | Owner: (none)
Type: New feature | Status: closed
Component: HTTP handling | Version: dev
Severity: Normal | Resolution: wontfix
Keywords: shortcuts redirect | Triage Stage:
delay | Unreviewed
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Mobin Ghaemi):
Hello,
I opened a topic on the forum and received two pieces of feedback, but
they were not satisfactory.
Since I work at a banking company (Dotin), I understand the importance of
this matter — especially in payment flows where sensitive information is
provided and then possibly returned or reused later.
We’ve been using this module unofficially for quite some time in our
internal systems. Recently, we decided to make it official so we no longer
need to modify the official Django version manually.
Why is this module useful?
After a payment process, users may see certain information on the
following pages.
However, due to the complexity of the purchase process in our country, we
often use shared systems, or users pay someone else to complete the
process on their behalf.
Now imagine someone uses a shared system and views sensitive information.
That confidential data remains visible until the user manually navigates
away from the page — either by clicking a button or through a return
redirect.
Currently, none of these things are enforced automatically. Why?
Because the transition is handled entirely on the frontend. That means the
server doesn’t actually process or control the transition — it’s left to
the frontend, which poses security concerns.
Instead of this fragile, two-sided handling with low security, we believe
Django can handle it properly and securely using a simple module.
Thread number : https://forum.djangoproject.com/t/proposal-add-delayed-
redirect-shortcut-to-simplify-client-side-redirection/41079
--
Ticket URL: <https://code.djangoproject.com/ticket/36413#comment:2>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/django-updates/0107019705cfb45b-d39baf3e-b406-418a-86e5-6db5635a449c-000000%40eu-central-1.amazonses.com.
