There are URLs which I use only for redirecting a user after a successful operation (e.g. a thank-you page after submitting feedback).
The problem is that these pages can be accessed directly.
Is there a way to prevent this?
Thanks
The URL is handled by a view, so make sure the view is only happy if the last thing it did was a successful operation for the logged-in user. Otherwise raise Http404.
Just do this by checking the session variable for the user in the view. The logic goes something like:
shop.html: user hits ‘post’ to buy.html
view for buy.html bills the user, sets ‘just bought something’ in session, redirects to thanks.html
view for thanks.html checks for ‘just bought something’ session variable, clears it if set otherwise 404, and renders a template to the response on success.
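
The flow described in the answer above, as an added example that is not part of the original post. It is a framework-neutral sketch: in Django, `session` would be `request.session` and `Http404` would be `django.http.Http404`; the stand-in class, the session key name, `bill_user` and `status_of` are hypothetical names chosen here so the block runs on its own.

```python
class Http404(Exception):
    """Stand-in for django.http.Http404 (assumption for this sketch)."""


FLAG = "just_bought_something"  # hypothetical session key name


def bill_user(form_data):
    """Hypothetical billing step; succeeds when an item is present."""
    return bool(form_data.get("item"))


def buy_view(session, form_data):
    """Handle the POST from shop.html: bill, set the flag, redirect."""
    if not bill_user(form_data):
        # Failed operation: no flag is set, so thanks.html stays closed.
        return ("redirect", "/shop.html")
    session[FLAG] = True
    return ("redirect", "/thanks.html")


def thanks_view(session):
    """Render thanks.html only once, right after a successful purchase."""
    # pop() reads and clears the flag in one step, so a refresh, a
    # bookmark or a typed-in URL finds no flag and gets a 404.
    if not session.pop(FLAG, False):
        raise Http404("no completed purchase in this session")
    return ("render", "thanks.html")


def status_of(view, *args):
    """Run a view and report 200/302/404 the way a test client would."""
    try:
        kind, _ = view(*args)
    except Http404:
        return 404
    return 302 if kind == "redirect" else 200


if __name__ == "__main__":
    session = {}  # constructed per-user session store
    print("direct access:", status_of(thanks_view, session))
    print("purchase:", status_of(buy_view, session, {"item": "book"}))
    print("after purchase:", status_of(thanks_view, session))
    print("refresh:", status_of(thanks_view, session))
```

Because the flag lives in the server-side session, it is scoped to one user and cannot be set by crafting a request to the thanks URL.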