mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-08-04 19:08:28 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed #24321 -- Improved utils.http.same_origin compliance with RFC6454

Browse source
This commit is contained in:
Lukas Klein 2015-02-11 11:09:51 +01:00 committed by Claude Paroz
parent e2d6e14662
commit 93b3ef9b2e
2 changed files with 15 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/utils_tests/test_http.py
View file

@ -18,6 +18,9 @@ class TestUtilsHttp(unittest.TestCase):
self.assertTrue(http.same_origin('http://foo.com/', 'http://foo.com'))
# With port
self.assertTrue(http.same_origin('https://foo.com:8000', 'https://foo.com:8000/'))
# No port given but according to RFC6454 still the same origin
self.assertTrue(http.same_origin('http://foo.com', 'http://foo.com:80/'))
self.assertTrue(http.same_origin('https://foo.com', 'https://foo.com:443/'))
def test_same_origin_false(self):
# Different scheme
@ -28,6 +31,9 @@ class TestUtilsHttp(unittest.TestCase):
self.assertFalse(http.same_origin('http://foo.com', 'http://foo.com.evil.com'))
# Different port
self.assertFalse(http.same_origin('http://foo.com:8000', 'http://foo.com:8001'))
# No port given
self.assertFalse(http.same_origin('http://foo.com', 'http://foo.com:8000/'))
self.assertFalse(http.same_origin('https://foo.com', 'https://foo.com:8000/'))
def test_urlencode(self):
# 2-tuples (the norm)