1

I have a task where I need to redirect to an external url, which will then POST redirect back to the flask app with a body. It is related to AD FS authorization.

However, I want to hide in the url bar that I'm redirecting to the external url, basically a URL Masking.

Here is some code similar to my route:

@oauth2_bp.route('/callback', methods=['GET', 'POST'])
def oauth2():
    id_token = request.form.get('id_token')
    if id_token:
        ...
    else:
        ...
        return redirect(url)

Any ideas how I could accomplish this?

Federico Baù
  • 6,013
  • 5
  • 30
  • 38
Rasmus Fisker Bang
  • 91
  • 7
  • Can you add some of your code so that is more clear? Where do you want to add the hidden URL ? in the HTML Template? In the Flask views? Why dont you return this to the function? ==> `return redirect("http://www.example.com", code=302)` – Federico Baù Aug 04 '20 at 06:47
  • Referance [Here] (https://stackoverflow.com/questions/14343812/redirecting-to-url-in-flask) – Federico Baù Aug 04 '20 at 06:47
  • @FedericoBaù Sure, I have edited the post now. I do not want to show the hidden url anywhere. I want to hide in the browser that I'm redirecting. In the url bar – Rasmus Fisker Bang Aug 04 '20 at 07:48
  • OK I don't know how is done in Flask, however to better understanding does this article explain what you want to achieve? ==> https://www.interserver.net/tips/kb/how-to-do-url-masking/#:~:text=The%20URL%20masking%20is%20also,name%20the%20file%20as%20index. If yes then what you are trying to do is called 'URL Masking' this will help index this issue and see if somebody has a solution for Flask – Federico Baù Aug 04 '20 at 09:57

1 Answers1

0

I found thi extensio here Flask-NoExtRef

The title says: 'Flask-NoExtRef is an extension for Flask that adds ability for hiding external URL to your Flask application.' However this will won't hide the URL in the Browser URL page.

This is how it run in a simple example from the DOCS:

from flask import Flask, abort, request, redirect
from flaskext.noextref import NoExtRef

app = Flask(__name__)

def handle_ext_url():
    url = request.args.get('url', None)
    if not url:
        abort(405)
    return redirect(url)

noext = NoExtRef(app, rule='/go/',
        view_func=handle_ext_url)

And this is how you implement this in Jinja2:

{# replace all anchors in the text #}
{{ some_text_with_refs|hide_urls }}

{# replace of the specified anchor #}
{{ some_url|hide_url }}

Here are some answer found in StackOverflow:

  1. Flask: Is it possible to Mask a URL with variables?
  2. How to hide variables from flask url routing?
Federico Baù
  • 6,013
  • 5
  • 30
  • 38
  • Thank you for your effort, but this is not a solution. This library simply hides the external urls in the generated HTML. It does not hide the url in the url bar. – Rasmus Fisker Bang Aug 04 '20 at 10:57
  • That' correct, I edited my answer I mis read that part. Still what you want to do is a 'URL Masking.' I am also looking how to do it and will update here if I found anything new. – Federico Baù Aug 04 '20 at 11:02