Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.

This is a security fix.
author: Tim Graham <timograham@gmail.com> 2016-10-17 12:14:49 -0400
committer: Tim Graham <timograham@gmail.com> 2016-11-01 09:30:57 -0400
commit: 7fe2d8d940fdddd1a02c4754008a27060c4a03e9 (patch)
tree: a688aff3e3a2f9f53729b60aa40098c4b9981e9f /tests/csrf_tests/tests.py
parent: da7910d4834726eca596af0a830762fa5fb2dfd9 (diff)
download: django-7fe2d8d940fdddd1a02c4754008a27060c4a03e9.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py
index deac4539fe..6debb386be 100644
--- a/tests/csrf_tests/tests.py
+++ b/tests/csrf_tests/tests.py
@@ -386,7 +386,7 @@ class CsrfViewMiddlewareTest(SimpleTestCase):
         self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
         self._check_token_present(resp, csrf_id=csrf_cookie.value)
 
-    @override_settings(DEBUG=True)
+    @override_settings(DEBUG=True, ALLOWED_HOSTS=['www.example.com'])
     def test_https_bad_referer(self):
         """
         Test that a POST HTTPS request with a bad referer is rejected
author	Tim Graham <timograham@gmail.com>	2016-10-17 12:14:49 -0400
committer	Tim Graham <timograham@gmail.com>	2016-11-01 09:30:57 -0400
commit	7fe2d8d940fdddd1a02c4754008a27060c4a03e9 (patch)
tree	a688aff3e3a2f9f53729b60aa40098c4b9981e9f /tests/csrf_tests/tests.py
parent	da7910d4834726eca596af0a830762fa5fb2dfd9 (diff)
download	django-7fe2d8d940fdddd1a02c4754008a27060c4a03e9.tar.gz