diff --git a/django/contrib/auth/tests/views.py b/django/contrib/auth/tests/views.py
index a9bcd95434..530956ae45 100644
--- a/django/contrib/auth/tests/views.py
+++ b/django/contrib/auth/tests/views.py
@@ -236,7 +236,9 @@ class LoginTest(AuthViewsTestCase):
                          '/view?param=ftp://exampel.com',
                          'view/?param=//example.com',
                          'https:///',
-                         '//testserver/'):
+                         '//testserver/',
+                         '/url%20with%20spaces/', # see ticket #12534
+                         ):
             safe_url = '%(url)s?%(next)s=%(good_url)s' % {
                 'url': login_url,
                 'next': REDIRECT_FIELD_NAME,
@@ -251,6 +253,7 @@ class LoginTest(AuthViewsTestCase):
             self.assertTrue(good_url in response['Location'],
                             "%s should be allowed" % good_url)
 
+
 class LoginURLSettings(AuthViewsTestCase):
     urls = 'django.contrib.auth.tests.urls'
     
diff --git a/django/contrib/auth/views.py b/django/contrib/auth/views.py
index 8d0453f8f9..c34a4a377e 100644
--- a/django/contrib/auth/views.py
+++ b/django/contrib/auth/views.py
@@ -34,11 +34,11 @@ def login(request, template_name='registration/login.html',
         if form.is_valid():
             netloc = urlparse.urlparse(redirect_to)[1]
 
-            # Light security check -- make sure redirect_to isn't garbage.
-            if not redirect_to or ' ' in redirect_to:
+            # Use default setting if redirect_to is empty
+            if not redirect_to:
                 redirect_to = settings.LOGIN_REDIRECT_URL
 
-            # Heavier security check -- don't allow redirection to a different
+            # Security check -- don't allow redirection to a different
             # host.
             elif netloc and netloc != request.get_host():
                 redirect_to = settings.LOGIN_REDIRECT_URL