It's not that easy to do, but instead of generating the link, say:
http://myrealsite.com/admin/change_password

if HTTP_HOST is somehow messed up, say by Man In the Browser, in the
email you could get something like:

http://hackersite.com/admin/change_password

If the user isn't paying attention, they can end up giving credentials
to a third party!
It's just a corner case, but hackers look for corner cases!
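As an added example (not code from the thread), here is a plain-Python sketch of the defensive alternative suggested earlier in the thread: build the email link from a configured domain rather than from the request's Host header, and if the request host must be used, check it against an allow-list in the style of Django's ALLOWED_HOSTS. SITE_DOMAIN, SITE_SCHEME, ALLOWED_HOSTS and the sample headers are assumed values constructed for this example.

```python
from urllib.parse import urlunsplit

# Assumed settings, standing in for values you would put in settings.py.
SITE_DOMAIN = "myrealsite.com"
SITE_SCHEME = "https"
ALLOWED_HOSTS = {"myrealsite.com", "www.myrealsite.com"}


def host_from_request(headers):
    """Mimic request.get_host(): it trusts whatever Host header arrived."""
    return headers.get("Host", "")


def host_is_allowed(host, allowed=ALLOWED_HOSTS):
    """Accept a Host value only if it names a domain we actually serve."""
    hostname = host.split(":", 1)[0].lower().rstrip(".")
    return hostname in allowed


def build_absolute_url(path, headers=None, trust_request_host=False):
    """Return the full URL to embed in an email.

    Default: the link is built from SITE_DOMAIN, so the Host header has no
    influence at all. With trust_request_host=True it follows the template
    approach from the thread, but refuses a host outside ALLOWED_HOSTS
    instead of writing it into the email.
    """
    if not path.startswith("/"):
        raise ValueError("path must be absolute, e.g. /projects/1")
    if trust_request_host:
        host = host_from_request(headers or {})
        if not host_is_allowed(host):
            raise ValueError(f"untrusted Host header: {host!r}")
    else:
        host = SITE_DOMAIN
    return urlunsplit((SITE_SCHEME, host, path, "", ""))


# Constructed sample input: the reversed path from the thread plus one
# genuine and one tampered Host header.
PROJECT_PATH = "/projects/1"
GENUINE_HEADERS = {"Host": "myrealsite.com"}
SPOOFED_HEADERS = {"Host": "hackersite.com"}

if __name__ == "__main__":
    print(build_absolute_url(PROJECT_PATH, SPOOFED_HEADERS))
    print(build_absolute_url(PROJECT_PATH, GENUINE_HEADERS, trust_request_host=True))
    try:
        build_absolute_url(PROJECT_PATH, SPOOFED_HEADERS, trust_request_host=True)
    except ValueError as exc:
        print("rejected:", exc)
```

Real Django already rejects hosts outside ALLOWED_HOSTS in get_host() when DEBUG is off; the point of the configured-domain path is that the emailed link never depends on the incoming request at all.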

On 12/2/13, Vibhu Rishi <vibhu.ri...@gmail.com> wrote:
> Not sure how the header injection will work in this case?
>
> As I see it, I am using this in the email text for the email body. This is
> generated and sent in a view function I have. So, how will the HTTP header
> get inserted in this flow?
>
> Vibhu
>
>
>
> On Fri, Nov 29, 2013 at 7:39 PM, Joseph Mutumi <jjmut...@gmail.com> wrote:
>
>> That could work, but isn't it a bit insecure? I think it will be
>> susceptible to a header injection
>> (http://en.wikipedia.org/wiki/HTTP_header_injection). I would rather
>> create a setting with the domain name in settings.py and then call it
>> from the template or write a custom template tag.
>>
>>
>> On Fri, Nov 29, 2013 at 2:55 PM, Rafael E. Ferrero <
>> rafael.ferr...@gmail.com> wrote:
>>
>>> Good work!!
>>>
>>>
>>>
>>> 2013/11/29 Vibhu Rishi <vibhu.ri...@gmail.com>
>>>
>>>> Thanks for the links. I had done the google searches and gone through
>>>> them, but they seemed to me a lot of work to get something simple.
>>>>
>>>> I finally did the following. Any comments welcome if this is not a good
>>>> way to do.
>>>>
>>>> In my view, I pass a context object of the request to the email
>>>> template. I need the request as I also want to put in the user's name.
>>>>
>>>> In the email template I now changed it to:
>>>> <a href="http://{{ request.get_host }}{% url "project.views.details" project.id %}">{{ project }}</a>
>>>>
>>>> This seems to be working and quite simple too !
>>>>
>>>> Regards,
>>>> Vibhu
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Nov 29, 2013 at 4:26 PM, Rafael E. Ferrero <
>>>> rafael.ferr...@gmail.com> wrote:
>>>>
>>>>>
>>>>> https://docs.djangoproject.com/en/dev/ref/contrib/sites/#getting-the-current-domain-for-full-urls
>>>>>
>>>>>
>>>>> 2013/11/29 Vibhu Rishi <vibhu.ri...@gmail.com>
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have a setup where I have a project details page, and I can do a
>>>>>> "send email" which should send the email with the URL.
>>>>>>
>>>>>> Email is working fine.
>>>>>>
>>>>>> The problem is that I am getting a relative URL in the template.
>>>>>>
>>>>>> I have the following in the HTML email template:
>>>>>> <a href="{% url "project.views.details" project.id %}">{{ project }}</a>
>>>>>>
>>>>>> This gives me a URL in the email as /projects/1 (1 being the project
>>>>>> id).
>>>>>>
>>>>>> How do I prepend the URL of the server here? E.g. I want this to be
>>>>>> http://localhost:8000/projects/1
>>>>>>
>>>>>> Vibhu
>>>>>>
>>>>>> --
>>>>>> Simplicity is the ultimate sophistication. - Leonardo da Vinci
>>>>>> Life is really simple, but we insist on making it complicated. -
>>>>>> Confucius
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> Rafael E. Ferrero
>>>>>
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Simplicity is the ultimate sophistication. - Leonardo da Vinci
>>>> Life is really simple, but we insist on making it complicated. -
>>>> Confucius
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Rafael E. Ferrero
>>>
>>>
>>
>>
>
>
>
> --
> Simplicity is the ultimate sophistication. - Leonardo da Vinci
> Life is really simple, but we insist on making it complicated. - Confucius
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-users+unsubscr...@googlegroups.com.
To post to this group, send email to django-users@googlegroups.com.
Visit this group at http://groups.google.com/group/django-users.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-users/CAN5idp-o%3DcDpy8%2BQZswhUrVwfCDktTCL4U21ujptwiMaRYDzig%40mail.gmail.com.
For more options, visit https://groups.google.com/groups/opt_out.
