id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
20411	Invalid Referer header blows up on CSRF protection middleware	André Cruz	Steffen Zieger	"If a client sends an invalid Referer header such as 'http://http://xxx.pt/', the CSRF middleware will blow up with an error:

{{{
ERROR 2013-05-15 17:38:56,542 django.request:212 22023 140475533584128 Internal Server Error: /
Traceback (most recent call last):
  File ""/servers/python-environments/discosite/local/lib/python2.7/site-packages/django/core/handlers/base.py"", line 109, in get_response
    response = middleware_method(request, callback, callback_args, callback_kwargs)
  File ""/servers/python-environments/discosite/local/lib/python2.7/site-packages/django/middleware/csrf.py"", line 148, in process_view
    if not same_origin(referer, good_referer):
  File ""/servers/python-environments/discosite/local/lib/python2.7/site-packages/django/utils/http.py"", line 229, in same_origin
    return (p1.scheme, p1.hostname, p1.port) == (p2.scheme, p2.hostname, p2.port)
  File ""/usr/lib/python2.7/urlparse.py"", line 110, in port
    port = int(port, 10)
ValueError: invalid literal for int() with base 10: ''
}}}

Either we catch the Exception or we are more careful when comparing."	Bug	closed	HTTP handling	1.5	Normal	fixed	referer valueerror csrf	bmispelon@…	Ready for checkin	1	0	0	0	0	0
