Fixed CVE-2016-9014 -- Validated Host header when DEBUG=True.

This is a security fix.
Tim Graham 2016-10-17 12:14:49 -04:00
parent da7910d483
commit 7fe2d8d940
7 changed files with 95 additions and 21 deletions


@ -386,7 +386,7 @@ class CsrfViewMiddlewareTest(SimpleTestCase):
self.assertEqual(len(csrf_cookie.value), CSRF_TOKEN_LENGTH)
self._check_token_present(resp, csrf_id=csrf_cookie.value)
@override_settings(DEBUG=True)
@override_settings(DEBUG=True, ALLOWED_HOSTS=['www.example.com'])
def test_https_bad_referer(self):
"""
Test that a POST HTTPS request with a bad referer is rejected