summaryrefslogtreecommitdiff
path: root/tests/middleware
diff options
context:
space:
mode:
authorAymeric Augustin <aymeric.augustin@m4x.org>2015-11-26 21:27:12 +0100
committerAymeric Augustin <aymeric.augustin@m4x.org>2015-11-27 08:12:49 +0100
commit8dc11dc592dbd5027943462d1bb52a60e40db034 (patch)
tree9e7b51ba368591353a8dd27e471b7bba00eaa4c2 /tests/middleware
parentb4a1d545db19bb427af4043ce2c689dad856514f (diff)
[1.9.x] Fixed #25302 (again) -- Ignored scheme when checking for bad referers.
The check introduced in 4ce433e was too strict in real life. The poorly implemented bots this patch attempted to ignore are sloppy when it comes to http vs. https. Backport of 11f10b7 from master
Diffstat (limited to 'tests/middleware')
-rw-r--r--tests/middleware/tests.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/middleware/tests.py b/tests/middleware/tests.py
index 328073b8ac..e9ec2b46c5 100644
--- a/tests/middleware/tests.py
+++ b/tests/middleware/tests.py
@@ -383,11 +383,20 @@ class BrokenLinkEmailsMiddlewareTest(SimpleTestCase):
self.req.META['HTTP_REFERER'] = self.req.path
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
self.assertEqual(len(mail.outbox), 0)
+
# URL with scheme and domain should also be ignored
self.req.META['HTTP_REFERER'] = 'http://testserver%s' % self.req.path
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
self.assertEqual(len(mail.outbox), 0)
+ # URL with a different scheme should be ignored as well because bots
+ # tend to use http:// in referers even when browsing HTTPS websites.
+ self.req.META['HTTP_X_PROTO'] = 'https'
+ self.req.META['SERVER_PORT'] = 443
+ with self.settings(SECURE_PROXY_SSL_HEADER=('HTTP_X_PROTO', 'https')):
+ BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
+ self.assertEqual(len(mail.outbox), 0)
+
def test_referer_equal_to_requested_url_on_another_domain(self):
self.req.META['HTTP_REFERER'] = 'http://anotherserver%s' % self.req.path
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)