id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 20411,Invalid Referer header blows up on CSRF protection middleware,André Cruz,Steffen Zieger,"If a client sends an invalid Referer header such as 'http://http://xxx.pt/', the CSRF middleware will blow up with an error: {{{ ERROR 2013-05-15 17:38:56,542 django.request:212 22023 140475533584128 Internal Server Error: / Traceback (most recent call last): File ""/servers/python-environments/discosite/local/lib/python2.7/site-packages/django/core/handlers/base.py"", line 109, in get_response response = middleware_method(request, callback, callback_args, callback_kwargs) File ""/servers/python-environments/discosite/local/lib/python2.7/site-packages/django/middleware/csrf.py"", line 148, in process_view if not same_origin(referer, good_referer): File ""/servers/python-environments/discosite/local/lib/python2.7/site-packages/django/utils/http.py"", line 229, in same_origin return (p1.scheme, p1.hostname, p1.port) == (p2.scheme, p2.hostname, p2.port) File ""/usr/lib/python2.7/urlparse.py"", line 110, in port port = int(port, 10) ValueError: invalid literal for int() with base 10: '' }}} Either we catch the Exception or we are more careful when comparing.",Bug,closed,HTTP handling,1.5,Normal,fixed,referer valueerror csrf,bmispelon@…,Ready for checkin,1,0,0,0,0,0