From e49fdfa405fcacb59d7ff2f321a7ddbc65dfc68b Mon Sep 17 00:00:00 2001
From: Adam Donaghy
Date: Fri, 19 Mar 2021 20:42:05 +1100
Subject: Fixed #32571 -- Made CsrfViewMiddleware handle invalid URLs in Referer header.
---
 tests/csrf_tests/tests.py | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'tests')
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py
index fb6168a044..30a58b864c 100644
--- a/tests/csrf_tests/tests.py
+++ b/tests/csrf_tests/tests.py
@@ -353,6 +353,12 @@ class CsrfViewMiddlewareTestMixin:
 req.META['HTTP_REFERER'] = 'https://'
 response = mw.process_view(req, post_form_view, (), {})
 self.assertContains(response, malformed_referer_msg, status_code=403)
+ # Invalid URL
+ # >>> urlparse('https://[')
+ # ValueError: Invalid IPv6 URL
+ req.META['HTTP_REFERER'] = 'https://['
+ response = mw.process_view(req, post_form_view, (), {})
+ self.assertContains(response, malformed_referer_msg, status_code=403)
 @override_settings(ALLOWED_HOSTS=['www.example.com'])
 def test_https_good_referer(self):
--
cgit v1.3
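Review bot: The new `'https://['` case is appended to a run of referer checks that reuse the same `req` and `mw` inside one test method, so a failure in an earlier assertion stops the method before this case runs, and a failure report does not name the referer that broke. Wrapping each referer value in `with self.subTest(referer=req.META['HTTP_REFERER']):` would keep the cases independent. The added comment records the `ValueError` from `urlparse` but not the expectation being pinned; I would add `# Must be rejected with a 403 (fail closed) rather than escape process_view as an unhandled ValueError.` The test method begins above the hunk, so the shape of the earlier cases is only partly visible here.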