Fixed #15617 - CSRF referer checking too strict

Thanks to adam for the report.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15840 bcc190cf-cafb-0310-a4f2-bffc1f526a37

tests/regressiontests/utils/http.py

@@ -0,0 +1,23 @@
+from django.utils import http
+from django.utils import unittest
+
+class TestUtilsHttp(unittest.TestCase):
+
+    def test_same_origin_true(self):
+        # Identical
+        self.assertTrue(http.same_origin('http://foo.com/', 'http://foo.com/'))
+        # One with trailing slash - see #15617
+        self.assertTrue(http.same_origin('http://foo.com', 'http://foo.com/'))
+        self.assertTrue(http.same_origin('http://foo.com/', 'http://foo.com'))
+        # With port
+        self.assertTrue(http.same_origin('https://foo.com:8000', 'https://foo.com:8000/'))
+
+    def test_same_origin_false(self):
+        # Different scheme
+        self.assertFalse(http.same_origin('http://foo.com', 'https://foo.com'))
+        # Different host
+        self.assertFalse(http.same_origin('http://foo.com', 'http://goo.com'))
+        # Different host again
+        self.assertFalse(http.same_origin('http://foo.com', 'http://foo.com.evil.com'))
+        # Different port
+        self.assertFalse(http.same_origin('http://foo.com:8000', 'http://foo.com:8001'))