author | Tomer Chachamu <tomer.chachamu@google.com> | 2017-10-22 00:56:01 +0100 |
---|---|---|
committer | Tim Graham <timograham@gmail.com> | 2018-02-14 20:24:01 -0500 |
commit | 7ec0fdf62afd565dd9a888300e7e33d0bf3e5fd5 (patch) | |
tree | b8db07bcb85975f9ff36c3098d02d2ff85bcb83a /tests/csrf_tests/tests.py | |
parent | ff5517988adec04d364521fdaf4a36a3f88942ef (diff) | |
Fixed #28693 -- Fixed crash in CsrfViewMiddleware when an HTTPS request has an invalid host.
Diffstat (limited to 'tests/csrf_tests/tests.py')
-rw-r--r-- | tests/csrf_tests/tests.py | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py
index 7c1e62c504..8a9c509f4c 100644
--- a/tests/csrf_tests/tests.py
+++ b/tests/csrf_tests/tests.py
@@ -294,6 +294,19 @@ class CsrfViewMiddlewareTestMixin:
 status_code=403,
 )

+ def test_https_malformed_host(self):
+ """
+ CsrfViewMiddleware generates a 403 response if it receives an HTTPS
+ request with a bad host.
+ """
+ req = self._get_GET_no_csrf_cookie_request()
+ req._is_secure_override = True
+ req.META['HTTP_HOST'] = '@malformed'
+ req.META['HTTP_REFERER'] = 'https://www.evil.org/somepage'
+ req.META['SERVER_PORT'] = '443'
+ response = self.mw.process_view(req, token_view, (), {})
+ self.assertEqual(response.status_code, 403)
+
 @override_settings(DEBUG=True)
 def test_https_malformed_referer(self):
 """ |
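Review bot: `test_https_malformed_host` asserts only `response.status_code == 403`, and the `HTTP_REFERER` it sets is a foreign origin, so the test does not show which check rejected the request; what it really guards is that the unparsable `Host` value does not make the middleware raise, and a short comment should say so, e.g. `# Referer is cross-origin, so 403 is expected anyway; the point is that the bad Host must not raise.` The context lines above it (`status_code=403,` closing a call) suggest sibling tests also assert on the response body, which would pin the rejection reason here too if the middleware reports one for this path. A case pairing the malformed host with a referer that would otherwise be accepted is not covered by this hunk and would confirm the middleware fails closed rather than only not crashing. The enclosing `CsrfViewMiddlewareTestMixin` class starts outside the hunk.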