diff options
| author | Jake Howard <RealOrangeOne@users.noreply.github.com> | 2024-05-29 14:48:27 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-05-29 10:48:27 -0300 |
| commit | ff308a06047cd60806d604a7cf612e5656ee2ac9 (patch) | |
| tree | f2139fbf020cbdf33bad64a3377700623c18a44f /django/middleware/csrf.py | |
| parent | 02dab94c7b8585c7ae3854465574d768e1df75d3 (diff) | |
Fixed 35467 -- Replaced urlparse with urlsplit where appropriate.
This work should not generate any change of functionality, and
`urlsplit` is approximately 6x faster.
Most use cases of `urlparse` didn't touch the path, so they can be
converted to `urlsplit` without any issue. Most of those which do use
`.path`, simply parse the URL, mutate the querystring, then put them
back together, which is also fine (so long as urlunsplit is used).
Diffstat (limited to 'django/middleware/csrf.py')
| -rw-r--r-- | django/middleware/csrf.py | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py index f7943494ba..5ae1aae5c6 100644 --- a/django/middleware/csrf.py +++ b/django/middleware/csrf.py @@ -8,7 +8,7 @@ against request forgeries from other sites. import logging import string from collections import defaultdict -from urllib.parse import urlparse +from urllib.parse import urlsplit from django.conf import settings from django.core.exceptions import DisallowedHost, ImproperlyConfigured @@ -174,7 +174,7 @@ class CsrfViewMiddleware(MiddlewareMixin): @cached_property def csrf_trusted_origins_hosts(self): return [ - urlparse(origin).netloc.lstrip("*") + urlsplit(origin).netloc.lstrip("*") for origin in settings.CSRF_TRUSTED_ORIGINS ] @@ -190,7 +190,7 @@ class CsrfViewMiddleware(MiddlewareMixin): """ allowed_origin_subdomains = defaultdict(list) for parsed in ( - urlparse(origin) + urlsplit(origin) for origin in settings.CSRF_TRUSTED_ORIGINS if "*" in origin ): @@ -284,7 +284,7 @@ class CsrfViewMiddleware(MiddlewareMixin): if request_origin in self.allowed_origins_exact: return True try: - parsed_origin = urlparse(request_origin) + parsed_origin = urlsplit(request_origin) except ValueError: return False request_scheme = parsed_origin.scheme @@ -300,7 +300,7 @@ class CsrfViewMiddleware(MiddlewareMixin): raise RejectRequest(REASON_NO_REFERER) try: - referer = urlparse(referer) + referer = urlsplit(referer) except ValueError: raise RejectRequest(REASON_MALFORMED_REFERER) |