summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2021-01-12 19:55:02 -0500
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2021-03-18 20:00:22 +0100
commitdba44a7a7a3581ec722e06fa0f9f33dfc00ed5cd (patch)
treea999c49d722b06cc70740b55be21c8f73ae343eb /tests
parent9bf5e9418f425666726559c9f1981a516da30aab (diff)
Refs #16010 -- Required CSRF_TRUSTED_ORIGINS setting to include the scheme.
Diffstat (limited to 'tests')
-rw-r--r--tests/check_framework/test_4_0_compatibility.py27
-rw-r--r--tests/csrf_tests/tests.py4
2 files changed, 29 insertions, 2 deletions
diff --git a/tests/check_framework/test_4_0_compatibility.py b/tests/check_framework/test_4_0_compatibility.py
new file mode 100644
index 0000000000..9f288f252a
--- /dev/null
+++ b/tests/check_framework/test_4_0_compatibility.py
@@ -0,0 +1,27 @@
+from django.core.checks import Error
+from django.core.checks.compatibility.django_4_0 import (
+ check_csrf_trusted_origins,
+)
+from django.test import SimpleTestCase
+from django.test.utils import override_settings
+
+
+class CheckCSRFTrustedOrigins(SimpleTestCase):
+
+ @override_settings(CSRF_TRUSTED_ORIGINS=['example.com'])
+ def test_invalid_url(self):
+ self.assertEqual(check_csrf_trusted_origins(None), [
+ Error(
+ 'As of Django 4.0, the values in the CSRF_TRUSTED_ORIGINS '
+ 'setting must start with a scheme (usually http:// or '
+ 'https://) but found example.com. See the release notes for '
+ 'details.',
+ id='4_0.E001',
+ )
+ ])
+
+ @override_settings(
+ CSRF_TRUSTED_ORIGINS=['http://example.com', 'https://example.com'],
+ )
+ def test_valid_urls(self):
+ self.assertEqual(check_csrf_trusted_origins(None), [])
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py
index b1b37c8601..f733d25b02 100644
--- a/tests/csrf_tests/tests.py
+++ b/tests/csrf_tests/tests.py
@@ -399,7 +399,7 @@ class CsrfViewMiddlewareTestMixin:
resp = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(resp)
- @override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_TRUSTED_ORIGINS=['dashboard.example.com'])
+ @override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_TRUSTED_ORIGINS=['https://dashboard.example.com'])
def test_https_csrf_trusted_origin_allowed(self):
"""
A POST HTTPS request with a referer added to the CSRF_TRUSTED_ORIGINS
@@ -414,7 +414,7 @@ class CsrfViewMiddlewareTestMixin:
resp = mw.process_view(req, post_form_view, (), {})
self.assertIsNone(resp)
- @override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_TRUSTED_ORIGINS=['.example.com'])
+ @override_settings(ALLOWED_HOSTS=['www.example.com'], CSRF_TRUSTED_ORIGINS=['https://*.example.com'])
def test_https_csrf_wildcard_trusted_origin_allowed(self):
"""
A POST HTTPS request with a referer that matches a CSRF_TRUSTED_ORIGINS