recording includes artist y los hosts de cors igual se consideran

seguros en login

fetcher/medium.py

@@ -354,7 +354,7 @@ def get_recording(mbid):
     if mb_recording:
         return map_recording(mb_recording)
 
-    mb_recording = mb.get_recording_by_mbid(mbid)
+    mb_recording = mb.get_recording_by_mbid(mbid, includes=['artists'])
 
     if 'error' in mb_recording:
         _log.error('Error al buscar %s', mb_recording)

users/views.py

@@ -1,5 +1,6 @@
 """Definición de las vistas de la aplicación"""
 from django.http import HttpResponseRedirect, HttpResponseNotAllowed
+from django.conf import settings
 from django.shortcuts import render
 from django.utils.http import url_has_allowed_host_and_scheme
 from django.contrib.auth import login as auth_login, logout as auth_logout
@@ -15,13 +16,24 @@ def get_next_url(request):
     """
     next_url = request.POST.get('next', request.GET.get('next', ''))
 
+    if not settings.DEBUG:
+        allowed_hosts = [
+            request.get_host(),
+            *settings.ALLOWED_HOSTS,
+            *settings.CORS_ORIGIN_WHITELIST,
+        ]
+
         url_is_safe = url_has_allowed_host_and_scheme(
             url=next_url,
-        allowed_hosts=request.get_host(),
+            allowed_hosts=allowed_hosts,
             require_https=request.is_secure(),
         )
+    else:
+        url_is_safe = True
+
+    print(next_url)
+    print('safe') if url_is_safe else print('unsafe')
 
-    print(next_url if url_is_safe else '/')
     return next_url if url_is_safe else '/'
 
 
@@ -132,5 +144,5 @@ def _register_post(request):
         )
 
     user = get_user_model().objects.create_user(username, email, password)
-    auth_login(request, user)
+    auth_login(request, user, backend='django.contrib.auth.backends.ModelBackend')
     return HttpResponseRedirect(get_next_url(request))