authorLuke Plant <L.Plant.98@cantab.net>2011-03-15 22:24:26 +0000
committerLuke Plant <L.Plant.98@cantab.net>2011-03-15 22:24:26 +0000
commit1d628d7ecf9ae832894e54acf7757a62caf7b548 (patch)
tree171748757a5b8013792f6506f70015c26d4f723c /tests/regressiontests/utils/http.py
parent63686ce2c6657ae4db7bf6a05c3ee8ef8555e167 (diff)
[1.2.X] Fixed #15617 - CSRF referer checking too strict
Thanks to adam for the report. Backport of [15840] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15844 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests/regressiontests/utils/http.py')
-rw-r--r--tests/regressiontests/utils/http.py24
1 files changed, 24 insertions, 0 deletions
diff --git a/tests/regressiontests/utils/http.py b/tests/regressiontests/utils/http.py
new file mode 100644
index 0000000000..4b55196c0e
--- /dev/null
+++ b/tests/regressiontests/utils/http.py
@@ -0,0 +1,24 @@
+import unittest
+
+from django.utils import http
+
+class TestUtilsHttp(unittest.TestCase):
+
+ def test_same_origin_true(self):
+ # Identical
+ self.assertTrue(http.same_origin('http://foo.com/', 'http://foo.com/'))
+ # One with trailing slash - see #15617
+ self.assertTrue(http.same_origin('http://foo.com', 'http://foo.com/'))
+ self.assertTrue(http.same_origin('http://foo.com/', 'http://foo.com'))
+ # With port
+ self.assertTrue(http.same_origin('https://foo.com:8000', 'https://foo.com:8000/'))
+
+ def test_same_origin_false(self):
+ # Different scheme
+ self.assertFalse(http.same_origin('http://foo.com', 'https://foo.com'))
+ # Different host
+ self.assertFalse(http.same_origin('http://foo.com', 'http://goo.com'))
+ # Different host again
+ self.assertFalse(http.same_origin('http://foo.com', 'http://foo.com.evil.com'))
+ # Different port
+ self.assertFalse(http.same_origin('http://foo.com:8000', 'http://foo.com:8001'))
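Review bot: test_same_origin_false rejects a suffix look-alike host (`foo.com.evil.com`) but leaves out two other host shapes a CSRF Referer comparison must also reject: a userinfo prefix and a subdomain. I would add `self.assertFalse(http.same_origin('http://foo.com', 'http://foo.com@evil.com'))` and `self.assertFalse(http.same_origin('http://foo.com', 'http://sub.foo.com'))`. The tests also leave unpinned how an explicit default port or a differently cased host compares, for example `http://foo.com` against `http://foo.com:80` or `http://FOO.com`. That may be the same kind of over-strictness as #15617. same_origin itself is not in this hunk, so the expected result for those cases should be decided against its implementation and then asserted here, with a short comment giving the reason.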