summaryrefslogtreecommitdiff
path: root/tests/regressiontests/utils/http.py
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2011-03-15 20:37:09 +0000
committerLuke Plant <L.Plant.98@cantab.net>2011-03-15 20:37:09 +0000
commit243d0bec1954ad7fab44625f1440a8ce580df26c (patch)
treec469d617bbbe96d9c23a4f892143256298db97db /tests/regressiontests/utils/http.py
parentad4118be443266685cfc7ab2d59794e0692bc944 (diff)
Fixed #15617 - CSRF referer checking too strict
Thanks to adam for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@15840 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests/regressiontests/utils/http.py')
-rw-r--r--tests/regressiontests/utils/http.py23
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/regressiontests/utils/http.py b/tests/regressiontests/utils/http.py
new file mode 100644
index 0000000000..83a4a7f54d
--- /dev/null
+++ b/tests/regressiontests/utils/http.py
@@ -0,0 +1,23 @@
+from django.utils import http
+from django.utils import unittest
+
+class TestUtilsHttp(unittest.TestCase):
+
+ def test_same_origin_true(self):
+ # Identical
+ self.assertTrue(http.same_origin('http://foo.com/', 'http://foo.com/'))
+ # One with trailing slash - see #15617
+ self.assertTrue(http.same_origin('http://foo.com', 'http://foo.com/'))
+ self.assertTrue(http.same_origin('http://foo.com/', 'http://foo.com'))
+ # With port
+ self.assertTrue(http.same_origin('https://foo.com:8000', 'https://foo.com:8000/'))
+
+ def test_same_origin_false(self):
+ # Different scheme
+ self.assertFalse(http.same_origin('http://foo.com', 'https://foo.com'))
+ # Different host
+ self.assertFalse(http.same_origin('http://foo.com', 'http://goo.com'))
+ # Different host again
+ self.assertFalse(http.same_origin('http://foo.com', 'http://foo.com.evil.com'))
+ # Different port
+ self.assertFalse(http.same_origin('http://foo.com:8000', 'http://foo.com:8001'))