id,summary,reporter,owner,description,type,status,component,version,severity,resolution,keywords,cc,stage,has_patch,needs_docs,needs_tests,needs_better_patch,easy,ui_ux 23815,CsrfViewMiddleware UnicodeDecodeError,codeitloadit,nobody,"The csrf middleware is raising an exception when the HTTP_REFERER contains non-ascii characters. Since this code is attempting to validate the referer, I would expect these request to just be rejected and return 403. Here is the code in `django/middleware/csrf.py`: {{{ referer = request.META.get('HTTP_REFERER') if referer is None: return self._reject(request, REASON_NO_REFERER) # Note that request.get_host() includes the port. good_referer = 'https://%s/' % request.get_host() if not same_origin(referer, good_referer): reason = REASON_BAD_REFERER % (referer, good_referer) return self._reject(request, reason) }}} This issue is very similar to [https://code.djangoproject.com/ticket/20356] which was patched by [https://github.com/django/django/commit/8fd44b2551b9cca765b216a31306f9c6935f1492] which just encodes the referer like so: {{{ referer = force_text(request.META.get('HTTP_REFERER', ''), errors='replace') }}}",Bug,closed,HTTP handling,dev,Normal,fixed,middleware CsrfViewMiddleware UnicodeDecodeError,,Ready for checkin,1,0,0,0,0,0