mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 06:06:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #32796 -- Changed CsrfViewMiddleware to fail earlier on badly formatted cookie tokens.

Browse Source
This commit is contained in:
Chris Jerdonek
2021-05-31 04:26:11 -07:00
committed by Mariusz Felisiak
parent 623cec0879
commit cd19db10df
2 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/csrf_tests/tests.py
View File

@@ -863,14 +863,14 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
If the CSRF cookie has invalid characters in a POST request, the
middleware rejects the incoming request.
"""
self._check_bad_or_missing_cookie(64 * '*', REASON_CSRF_TOKEN_MISSING)
self._check_bad_or_missing_cookie(64 * '*', 'CSRF cookie has invalid characters.')
def test_bad_csrf_cookie_length(self):
"""
If the CSRF cookie has an incorrect length in a POST request, the
middleware rejects the incoming request.
"""
self._check_bad_or_missing_cookie(16 * 'a', REASON_CSRF_TOKEN_MISSING)
self._check_bad_or_missing_cookie(16 * 'a', 'CSRF cookie has incorrect length.')
def test_process_view_token_too_long(self):
"""