Ticket #32578: 32578.diff

File 32578.diff, 877 bytes (added by Mariusz Felisiak, 16 months ago)

Regression test.

  • tests/csrf_tests/tests.py

    diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py
    index 30a58b864c..9f52cdef7e 100644
    a b class CsrfViewMiddlewareTestMixin: 
    317317        response = mw.process_view(req, token_view, (), {})
    318318        self.assertEqual(response.status_code, 403)
    319319
     320    def test_origin_malformed_host(self):
     321        req = self._get_POST_no_csrf_cookie_request()
     322        req._is_secure_override = True
     323        req.META['HTTP_HOST'] = '@malformed'
     324        req.META['HTTP_ORIGIN'] = 'https://www.evil.org'
     325        req.META['SERVER_PORT'] = '443'
     326        mw = CsrfViewMiddleware(token_view)
     327        response = mw.process_view(req, token_view, (), {})
     328        self.assertEqual(response.status_code, 403)
     329
    320330    @override_settings(DEBUG=True)
    321331    def test_https_malformed_referer(self):
    322332        """
Back to Top