What does netloc mean?

Tri picture Tri · Jan 1, 2019 · Viewed 10.5k times · Source

I'm learning to make login function with Flask-login, and I'm facing with this code in my tutorial that I'm following:

@app.route('/login', methods = ['GET', 'POST'])
def login():
    if current_user.is_authenticated:
        return redirect(url_for('index'))
    form = LoginForm()
    if form.validate_on_submit():
        user = User.query.filter_by(username=form.username.data).first()
        if user is None or not user.check_password(form.password.data):
            flash('Invalid username or password')
            return redirect(url_for('login'))
        login_user(user, remember=form.remember_me.data)
        next_page = request.args.get('next')
        if not next_page or url_parse(next_page).netloc != '': # what is it means in this line..?
            next_page = url_for('index')
        return redirect(next_page)
    return render_template('login.html', title='Sign In', form=form)

But I'm not sure what's the code above that I commented means..?, especially in netloc word, what is that..?, I know that is stand for network locality, but what is the purpose on that line..?

Answer

0xInfection picture 0xInfection · Jan 1, 2019

From RFC 1808, Section 2.1, every URL should follow a specific format:

<scheme>://<netloc>/<path>;<params>?<query>#<fragment>

The netloc (which stands for network locality) is what the first level domain (FLD) represents, which comes before the path, and after the scheme. It consists of an optional username and an optional password, which takes the form of username:password and sits before the hostname. Together, a netloc might take the form of username:password@host:port. Taking a general example, if you have the following URL:

http://www.example.com/index?search=src

Here, www.example.com is your netloc, while index is the path, search is the query parameter, and src is the value being passed along the parameter search.

Now coming to your code, the if statement checks whether or not the next_page exists and whether the next_page has a netloc. In that login() function, checking if .netloc != '', means that it is checking whether the result of url_parse(next_page) is a relative url. A relative url has a path but no hostname (and thus no netloc). ;)