diff options
| author | chemary <jmherrero@chemary.com> | 2016-01-18 15:04:41 +0100 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-01-20 18:23:55 -0500 |
| commit | 076d4591108764695582ab272fdb7f348b4c161c (patch) | |
| tree | 57296518533990b40a44e88a1ec986ecb9fac436 /tests | |
| parent | f0da306af186c121c0e339342f60d29552bf8c1a (diff) | |
[1.9.x] Fixed #26094 -- Fixed CSRF behind a proxy (settings.USE_X_FORWARDED_PORT=True).
Backport of 2d28144c9519f4e4397c70f045c2b1d31437bf69 from master
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/csrf_tests/tests.py | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py index 987ecd31c5..54570dca42 100644 --- a/tests/csrf_tests/tests.py +++ b/tests/csrf_tests/tests.py @@ -375,6 +375,23 @@ class CsrfViewMiddlewareTest(SimpleTestCase): req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {}) self.assertIsNone(req2) + @override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_COOKIE_DOMAIN='.example.com', USE_X_FORWARDED_PORT=True) + def test_https_good_referer_behind_proxy(self): + """ + A POST HTTPS request is accepted when USE_X_FORWARDED_PORT=True. + """ + req = self._get_POST_request_with_token() + req._is_secure_override = True + req.META.update({ + 'HTTP_HOST': '10.0.0.2', + 'HTTP_REFERER': 'https://www.example.com/somepage', + 'SERVER_PORT': '8080', + 'HTTP_X_FORWARDED_HOST': 'www.example.com', + 'HTTP_X_FORWARDED_PORT': '443', + }) + req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {}) + self.assertIsNone(req2) + @override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_TRUSTED_ORIGINS=['dashboard.example.com']) def test_https_csrf_trusted_origin_allowed(self): """ |
