diff options
| author | Carlton Gibson <carlton.gibson@noumenal.es> | 2019-06-13 10:57:29 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-07-01 07:48:04 +0200 |
| commit | 54d0f5e62f54c29a12dd96f44bacd810cbe03ac8 (patch) | |
| tree | c8ccf1b4aa9c140a56f61e844723f5ff89ae9b5c /tests/postgres_tests | |
| parent | 30b3ee9d0b33bb440f9c73d1ce9e0e7303887a9f (diff) | |
Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set.
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.
HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.
Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
Diffstat (limited to 'tests/postgres_tests')
0 files changed, 0 insertions, 0 deletions
