summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
Diffstat (limited to 'tests')
-rw-r--r--tests/csrf_tests/tests.py2
-rw-r--r--tests/requests/tests.py29
2 files changed, 16 insertions, 15 deletions
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py
index deac4539fe..6debb386be 100644
--- a/tests/csrf_tests/tests.py
+++ b/tests/csrf_tests/tests.py
@@ -386,7 +386,7 @@ class CsrfViewMiddlewareTest(SimpleTestCase):
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
self._check_token_present(resp, csrf_id=csrf_cookie.value)
- @override_settings(DEBUG=True)
+ @override_settings(DEBUG=True, ALLOWED_HOSTS=['www.example.com'])
def test_https_bad_referer(self):
"""
Test that a POST HTTPS request with a bad referer is rejected
diff --git a/tests/requests/tests.py b/tests/requests/tests.py
index 12f6341777..2581eada0b 100644
--- a/tests/requests/tests.py
+++ b/tests/requests/tests.py
@@ -779,21 +779,22 @@ class HostValidationTests(SimpleTestCase):
self.assertEqual(request.get_port(), '8080')
@override_settings(DEBUG=True, ALLOWED_HOSTS=[])
- def test_host_validation_disabled_in_debug_mode(self):
- """If ALLOWED_HOSTS is empty and DEBUG is True, all hosts pass."""
- request = HttpRequest()
- request.META = {
- 'HTTP_HOST': 'example.com',
- }
- self.assertEqual(request.get_host(), 'example.com')
+ def test_host_validation_in_debug_mode(self):
+ """
+ If ALLOWED_HOSTS is empty and DEBUG is True, variants of localhost are
+ allowed.
+ """
+ valid_hosts = ['localhost', '127.0.0.1', '[::1]']
+ for host in valid_hosts:
+ request = HttpRequest()
+ request.META = {'HTTP_HOST': host}
+ self.assertEqual(request.get_host(), host)
- # Invalid hostnames would normally raise a SuspiciousOperation,
- # but we have DEBUG=True, so this check is disabled.
- request = HttpRequest()
- request.META = {
- 'HTTP_HOST': "invalid_hostname.com",
- }
- self.assertEqual(request.get_host(), "invalid_hostname.com")
+ # Other hostnames raise a SuspiciousOperation.
+ with self.assertRaises(SuspiciousOperation):
+ request = HttpRequest()
+ request.META = {'HTTP_HOST': 'example.com'}
+ request.get_host()
@override_settings(ALLOWED_HOSTS=[])
def test_get_host_suggestion_of_allowed_host(self):