Why does Nginx add the query string ?next= to my Django URL path

Posted on January 6, 2021

Hi. I followed the DigitalOcean tutorial at https://www.digitalocean.com/community/tutorials/how-to-set-up-django-with-postgres-nginx-and-gunicorn-on-ubuntu-20-04

My view uses @login_required.

Everything's fine when I start the server with the commands

    (env)$ python manage.py runserver 0.0.0.0:8000

and

    (env)$ gunicorn --bind 0.0.0.0:8000 lskweb.wsgi

In the final step… Nginx proxy passes to Gunicorn, but when I logged in, Django redirects to /?next=/home

urls.py

from central import views as c_view
from django.contrib.auth import views as auth_views
from django.urls import include, path

urlpatterns = [
    path('login/', auth_views.LoginView.as_view(template_name='central/login.html'), name='login'),
    path('logout/', auth_views.LogoutView.as_view(next_page='login'), name='logout'),
    path('home/', c_view.home, name='home'),
    ]

central/views.py

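from django.contrib.auth.decorators import login_required
from django.shortcuts import render

# Anonymous users are redirected to the login URL with ?next=<requested path>.
@login_required
def home(request):
    data = {}
    return render(request, 'central/home.html', data)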

central/templates/central/home.html

<h1>Home</h1>
  <a href="/logout">Logout</a>
  <hr>
  <h3><a href="/mails">Mails</a></h3>
  <h3><a href="/insure">Insure</a></h3>
  <h3><a href="/redbooks">Redbooks</a></h3>
  <h3><a href="/dshop">Dshop</a></h3>

=====

When I removed @login_required from def home, Nginx did not add the query string ?next= anymore, but that is not my purpose because I want to secure my views.

This is my Django webapp link

Thank you.




Hello,

It looks like you’re running into an issue where after logging in, Django is redirecting you to a URL with the query string ?next=/home appended. This is a common behavior when the @login_required decorator is used; it’s designed to redirect a user back to the original page they were trying to access before being prompted to log in.

Here’s a breakdown of the behavior:

  1. When a user tries to access a view protected by the @login_required decorator and they’re not logged in, Django will redirect them to the login page.
  2. Django appends the original URL the user was trying to access as a next parameter in the query string so that after the user logs in, Django can redirect them back to that URL.
  3. If your Nginx setup or other configurations aren’t properly handling this redirect, it could lead to the behavior you’re observing.

To address this issue:

  1. Check Your LOGIN_REDIRECT_URL: Ensure you’ve set LOGIN_REDIRECT_URL in your settings.py. If it’s not set, Django defaults to the /accounts/profile/ URL. Set it to your desired URL after login:

    LOGIN_REDIRECT_URL = '/home/'

  2. Ensure Nginx is Passing All Headers: Make sure your Nginx configuration is correctly set up to proxy to your Gunicorn server, and importantly, it should be passing all headers:

    location / {
        proxy_pass http://unix:/path/to/your/gunicorn.sock;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

  3. Check USE_X_FORWARDED_HOST and USE_X_FORWARDED_PORT: When behind a proxy like Nginx, Django needs to be aware of the original protocol (HTTP or HTTPS) and host. Add these lines to your settings.py:

    USE_X_FORWARDED_HOST = True
    SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')

  4. Ensure URLs are Correct in Templates: Instead of hardcoding URLs in your templates, use the {% url %} template tag. This ensures that URLs are generated correctly even if you change the associated name in urls.py. For instance, for the logout link:

    <a href="{% url 'logout' %}">Logout</a>

  5. Ensure Nginx Doesn’t Cache the Login Page: If Nginx is caching the login page, it might cause unexpected redirects. Ensure you don’t have any caching configurations that might affect this behavior.

  6. Logs: Check your Django and Nginx logs for any warnings or errors. This can provide hints about misconfigurations or issues.

  7. Ensure no Trailing Slashes Mismatch: Django can be configured to either expect trailing slashes for its URLs or not using the APPEND_SLASH setting. If there’s a mismatch between what Django expects and what Nginx is serving, it might cause redirects. Ensure that the behavior is consistent. If you’ve set APPEND_SLASH = True in Django, ensure Nginx isn’t stripping away or adding unnecessary trailing slashes.

Best,

Bobby
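
A check for the redirect discussed in this thread, as an added example that is not part of the original question or answer: given the `Location` header returned for a `@login_required` page, it reports whether the redirect goes to the login path, names the public host, and carries a same-site `next` target. The function name, the `example.com` host and the sample headers are assumptions constructed for illustration.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample Location headers (not taken from a real deployment).
SAMPLES = [
    "/login/?next=/home/",
    "/?next=/home",
    "http://127.0.0.1:8000/login/?next=/home/",
    "/login/?next=//other.example/home",
]


def check_login_redirect(location, login_path="/login/", public_hosts=("example.com",)):
    """Return findings for one redirect Location header (empty list = as expected)."""
    findings = []
    url = urlsplit(location)

    # An absolute redirect should name the public site, not the upstream
    # address (for example when the proxy does not forward the Host header).
    if url.netloc and url.hostname not in public_hosts:
        findings.append("redirect-host-not-public: " + url.netloc)

    # Anonymous requests to a protected view should land on the login path.
    if url.path != login_path:
        findings.append("redirect-path-is-not-login: " + (url.path or "/"))

    targets = parse_qs(url.query).get("next", [])
    if not targets:
        findings.append("no-next-parameter")
    for target in targets:
        # Browsers treat "\" like "/", so normalise before parsing.
        t = urlsplit(target.replace("\\", "/"))
        if t.scheme or t.netloc:
            if t.scheme not in ("", "http", "https") or t.hostname not in public_hosts:
                findings.append("next-leaves-site: " + target)
        elif not t.path.startswith("/"):
            findings.append("next-not-absolute-path: " + target)
    return findings


def run_samples():
    """Run the check over every constructed sample header."""
    return {loc: check_login_redirect(loc) for loc in SAMPLES}


if __name__ == "__main__":
    for loc, result in run_samples().items():
        print(loc, "->", result or "ok")
```
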
