summaryrefslogtreecommitdiff
path: root/tests/auth_tests/test_views.py
diff options
context:
space:
mode:
Diffstat (limited to 'tests/auth_tests/test_views.py')
-rw-r--r--tests/auth_tests/test_views.py6
1 files changed, 6 insertions, 0 deletions
diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py
index 622a40de22..dbff931753 100644
--- a/tests/auth_tests/test_views.py
+++ b/tests/auth_tests/test_views.py
@@ -1335,6 +1335,12 @@ class LogoutTest(AuthViewsTestCase):
response = self.client.post("/logout/")
self.assertRedirects(response, "/custom/", fetch_redirect_response=False)
+ @override_settings(LOGOUT_REDIRECT_URL="/custom/")
+ def test_logout_redirect_url_setting_allowed_hosts_unsafe_host(self):
+ self.login()
+ response = self.client.post("/logout/allowed_hosts/?next=https://evil/")
+ self.assertRedirects(response, "/custom/", fetch_redirect_response=False)
+
@override_settings(LOGOUT_REDIRECT_URL="logout")
def test_logout_redirect_url_named_setting(self):
self.login()
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 03:15:17 +0000