mirror of https://github.com/django/django.git synced 2025-10-31 09:41:08 +00:00

[1.10.x] Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.

This is a security fix.
Tim Graham
2016-10-17 12:14:49 -04:00
parent 34e10720d8
commit 884e113838
7 changed files with 95 additions and 22 deletions


@@ -377,7 +377,7 @@ class CsrfViewMiddlewareTest(SimpleTestCase):
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
self._check_token_present(resp, csrf_id=csrf_cookie.value)
@override_settings(DEBUG=True)
@override_settings(DEBUG=True, ALLOWED_HOSTS=['www.example.com'])
def test_https_bad_referer(self):
"""
Test that a POST HTTPS request with a bad referer is rejected