mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00
Code Issues 32 Releases Wiki Activity

[1.8.x] Fixed #24321 -- Improved utils.http.same_origin compliance with RFC6454

Browse Source 
Backport of 93b3ef9b2e from master.
This commit is contained in:
Lukas Klein
2015-02-11 11:09:51 +01:00
committed by Claude Paroz
parent a6ea62aeaf
commit 1904022f91
2 changed files with 15 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
tests/utils_tests/test_http.py
View File

@@ -18,6 +18,9 @@ class TestUtilsHttp(unittest.TestCase):
self.assertTrue(http.same_origin('http://foo.com/', 'http://foo.com'))
# With port
self.assertTrue(http.same_origin('https://foo.com:8000', 'https://foo.com:8000/'))
# No port given but according to RFC6454 still the same origin
self.assertTrue(http.same_origin('http://foo.com', 'http://foo.com:80/'))
self.assertTrue(http.same_origin('https://foo.com', 'https://foo.com:443/'))
def test_same_origin_false(self):
# Different scheme
@@ -28,6 +31,9 @@ class TestUtilsHttp(unittest.TestCase):
self.assertFalse(http.same_origin('http://foo.com', 'http://foo.com.evil.com'))
# Different port
self.assertFalse(http.same_origin('http://foo.com:8000', 'http://foo.com:8001'))
# No port given
self.assertFalse(http.same_origin('http://foo.com', 'http://foo.com:8000/'))
self.assertFalse(http.same_origin('https://foo.com', 'https://foo.com:8000/'))
def test_urlencode(self):
# 2-tuples (the norm)