diff options
author | Tim Graham <timograham@gmail.com> | 2016-10-17 12:14:49 -0400 |
---|---|---|
committer | Tim Graham <timograham@gmail.com> | 2016-11-01 09:30:57 -0400 |
commit | 7fe2d8d940fdddd1a02c4754008a27060c4a03e9 (patch) | |
tree | a688aff3e3a2f9f53729b60aa40098c4b9981e9f /tests/csrf_tests/tests.py | |
parent | da7910d4834726eca596af0a830762fa5fb2dfd9 (diff) | |
download | django-7fe2d8d940fdddd1a02c4754008a27060c4a03e9.tar.gz |
Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.
This is a security fix.
Diffstat (limited to 'tests/csrf_tests/tests.py')
-rw-r--r-- | tests/csrf_tests/tests.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py index deac4539fe..6debb386be 100644 --- a/tests/csrf_tests/tests.py +++ b/tests/csrf_tests/tests.py @@ -386,7 +386,7 @@ class CsrfViewMiddlewareTest(SimpleTestCase): self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH) self._check_token_present(resp, csrf_id=csrf_cookie.value) - @override_settings(DEBUG=True) + @override_settings(DEBUG=True, ALLOWED_HOSTS=['www.example.com']) def test_https_bad_referer(self): """ Test that a POST HTTPS request with a bad referer is rejected |