diff options
| author | Chris Jerdonek <chris.jerdonek@gmail.com> | 2021-03-25 00:35:49 -0700 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-03-25 10:34:58 +0100 |
| commit | ff514309e178e3955012050ead9b8fc66dc21a5b (patch) | |
| tree | f0886ac5b7de231fe9b799c07a6bd6dd63a17bfc /tests/csrf_tests | |
| parent | 5b618f239ceb884c9380cf42361c7cc69bf1e208 (diff) | |
| download | django-ff514309e178e3955012050ead9b8fc66dc21a5b.tar.gz | |
Fixed #32578 -- Fixed crash in CsrfViewMiddleware when a request with Origin header has an invalid host.
Diffstat (limited to 'tests/csrf_tests')
| -rw-r--r-- | tests/csrf_tests/tests.py | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py index 5f19cca43d..810c869690 100644 --- a/tests/csrf_tests/tests.py +++ b/tests/csrf_tests/tests.py @@ -319,6 +319,15 @@ class CsrfViewMiddlewareTestMixin: response = mw.process_view(req, token_view, (), {}) self.assertEqual(response.status_code, 403) + def test_origin_malformed_host(self): + req = self._get_POST_no_csrf_cookie_request() + req._is_secure_override = True + req.META['HTTP_HOST'] = '@malformed' + req.META['HTTP_ORIGIN'] = 'https://www.evil.org' + mw = CsrfViewMiddleware(token_view) + response = mw.process_view(req, token_view, (), {}) + self.assertEqual(response.status_code, 403) + @override_settings(DEBUG=True) def test_https_malformed_referer(self): """ |