Fixed #25017 -- Allowed customizing the DISALLOWED_USER_AGENTS response
@@ -5,6 +5,7 @@ import re
|
||||
from django import http
|
||||
from django.conf import settings
|
||||
from django.core import urlresolvers
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.core.mail import mail_managers
|
||||
from django.utils.encoding import force_text
|
||||
|
||||
@@ -47,13 +48,7 @@ class CommonMiddleware(object):
|
||||
if 'HTTP_USER_AGENT' in request.META:
|
||||
for user_agent_regex in settings.DISALLOWED_USER_AGENTS:
|
||||
if user_agent_regex.search(request.META['HTTP_USER_AGENT']):
|
||||
logger.warning('Forbidden (User agent): %s', request.path,
|
||||
extra={
|
||||
'status_code': 403,
|
||||
'request': request
|
||||
}
|
||||
)
|
||||
return http.HttpResponseForbidden('<h1>Forbidden</h1>')
|
||||
raise PermissionDenied('Forbidden user agent')
|
||||
|
||||
# Check for a redirect based on settings.APPEND_SLASH
|
||||
# and settings.PREPEND_WWW
|
||||
|
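Review bot: The dedicated `logger.warning('Forbidden (User agent): %s', ...)` call appears to be dropped together with the `HttpResponseForbidden` return, so a blocked user agent is now recorded only by whatever handles `PermissionDenied` further up the stack, and that code is not in this hunk. If that handler logs a generic message, log-based alerting keyed on `Forbidden (User agent)` stops matching and user-agent blocks can no longer be told apart from other 403s in the request log. I would either mention the log message change in the release note or put a comment above the `raise`, for example `# Logging is left to the PermissionDenied handler; the record no longer names the user agent check.` Which lines are removed is inferred from the hunk counts, since the page has lost its +/- markers, and `process_request` begins and continues outside the hunk.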
@@ -452,6 +452,12 @@ Requests and Responses
|
||||
<django.http.HttpRequest.urlconf>` to ``None`` to revert any changes made
|
||||
by previous middleware and return to using the :setting:`ROOT_URLCONF`.
|
||||
|
||||
* The :setting:`DISALLOWED_USER_AGENTS` check in
|
||||
:class:`~django.middleware.common.CommonMiddleware` now raises a
|
||||
:class:`~django.core.exceptions.PermissionDenied` exception as opposed to
|
||||
returning an :class:`~django.http.HttpResponseForbidden` so that
|
||||
:data:`~django.conf.urls.handler403` is invoked.
|
||||
|
||||
Tests
|
||||
^^^^^
|
||||
|
||||
|
@@ -9,6 +9,7 @@ from unittest import skipIf
|
||||
|
||||
from django.conf import settings
|
||||
from django.core import mail
|
||||
from django.core.exceptions import PermissionDenied
|
||||
from django.http import (
|
||||
FileResponse, HttpRequest, HttpResponse, HttpResponsePermanentRedirect,
|
||||
HttpResponseRedirect, StreamingHttpResponse,
|
||||
@@ -256,9 +257,8 @@ class CommonMiddlewareTest(SimpleTestCase):
|
||||
with patch_logger('django.request', 'warning') as log_messages:
|
||||
request = self.rf.get('/slash')
|
||||
request.META['HTTP_USER_AGENT'] = 'foo'
|
||||
r = CommonMiddleware().process_request(request)
|
||||
self.assertEqual(r.status_code, 403)
|
||||
self.assertEqual(log_messages, ['Forbidden (User agent): /slash'])
|
||||
with self.assertRaisesMessage(PermissionDenied, 'Forbidden user agent'):
|
||||
CommonMiddleware().process_request(request)
|
||||
|
||||
def test_non_ascii_query_string_does_not_crash(self):
|
||||
"""Regression test for #15152"""
|
||||
|
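Review bot: `log_messages` from the `patch_logger('django.request', 'warning')` context looks unused after this change. The assertions that read the response status and the log list are replaced by `assertRaisesMessage`, while the `with patch_logger(...)` line appears to stay as context (inferred from the hunk counts, as the +/- markers are lost). The test therefore no longer pins whether a blocked user agent produces a log record. Either drop the wrapper, or keep it and add `self.assertEqual(log_messages, [])` after the `assertRaisesMessage` block if the middleware is meant to stay silent and leave logging to the exception handler. The test method starts outside the hunk.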