summaryrefslogtreecommitdiff
path: root/tests/postgres_tests/test_array.py
diff options
context:
space:
mode:
authorCarlton Gibson <carlton.gibson@noumenal.es>2019-06-13 10:57:29 +0200
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2019-07-01 07:48:04 +0200
commit54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 (patch)
treec8ccf1b4aa9c140a56f61e844723f5ff89ae9b5c /tests/postgres_tests/test_array.py
parent30b3ee9d0b33bb440f9c73d1ce9e0e7303887a9f (diff)
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if the proxy connected to Django via HTTPS. HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if set, rather than falling back to the request scheme when the SECURE_PROXY_SSL_HEADER did not have the secure value. Thanks to Gavin Wahl for the report and initial patch suggestion, and Shai Berger for review.
Diffstat (limited to 'tests/postgres_tests/test_array.py')
0 files changed, 0 insertions, 0 deletions