diff options
| author | Adam Donaghy <adamdonaghy1994@gmail.com> | 2021-03-19 20:42:05 +1100 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-03-19 11:19:19 +0100 |
| commit | e49fdfa405fcacb59d7ff2f321a7ddbc65dfc68b (patch) | |
| tree | 657eba12e59a2df2815ec5ee02788e3b0c73a4c6 /tests/csrf_tests | |
| parent | 474cc420bf6bc1067e2aaa4b40cf6a08d62096f7 (diff) | |
| download | django-e49fdfa405fcacb59d7ff2f321a7ddbc65dfc68b.tar.gz | |
Fixed #32571 -- Made CsrfViewMiddleware handle invalid URLs in Referer header.
Diffstat (limited to 'tests/csrf_tests')
| -rw-r--r-- | tests/csrf_tests/tests.py | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py index fb6168a044..30a58b864c 100644 --- a/tests/csrf_tests/tests.py +++ b/tests/csrf_tests/tests.py @@ -353,6 +353,12 @@ class CsrfViewMiddlewareTestMixin: req.META['HTTP_REFERER'] = 'https://' response = mw.process_view(req, post_form_view, (), {}) self.assertContains(response, malformed_referer_msg, status_code=403) + # Invalid URL + # >>> urlparse('https://[') + # ValueError: Invalid IPv6 URL + req.META['HTTP_REFERER'] = 'https://[' + response = mw.process_view(req, post_form_view, (), {}) + self.assertContains(response, malformed_referer_msg, status_code=403) @override_settings(ALLOWED_HOSTS=['www.example.com']) def test_https_good_referer(self): |