If you need to specify a different action attribute in your form you can’t use the next parameter provided by Flask-Login. I’d recommend anyways to put the endpoint instead of the url into the url parameter since it is easier to validate. Here’s some code from the application I’m working on, maybe this can help you.
Overwrite Flask-Login’s unauthorized handler to use the endpoint instead of the url in the next parameter:
@login_manager.unauthorized_handler
def handle_needs_login():
flash("You have to be logged in to access this page.")
return redirect(url_for('account.login', next=request.endpoint))
Use request.endpoint in your own URLs too:
{# login form #}
<form action="{{ url_for('account.login', next=request.endpoint) }}" method="post">
...
</form>
Redirect to the endpoint in the next parameter if it exists and is valid, else redirect to a fallback.
def redirect_dest(fallback):
dest = request.args.get('next')
try:
dest_url = url_for(dest)
except:
return redirect(fallback)
return redirect(dest_url)
@app.route("/login", methods=["GET", "POST"])
def login():
...
if user_is_logged_in:
flash("Logged in!")
return redirect_dest(fallback=url_for('general.index'))
else:
flash("Sorry, but you could not log in.")
return render_template("login.html")