id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
23815	CsrfViewMiddleware UnicodeDecodeError	codeitloadit	nobody	"The csrf middleware is raising an exception when the HTTP_REFERER contains non-ascii characters.  Since this code is attempting to validate the referer, I would expect these request to just be rejected and return 403.

Here is the code in `django/middleware/csrf.py`:

{{{

                referer = request.META.get('HTTP_REFERER')
                if referer is None:
                    return self._reject(request, REASON_NO_REFERER)

                # Note that request.get_host() includes the port.
                good_referer = 'https://%s/' % request.get_host()
                if not same_origin(referer, good_referer):
                    reason = REASON_BAD_REFERER % (referer, good_referer)
                    return self._reject(request, reason)
}}}

This issue is very similar to [https://code.djangoproject.com/ticket/20356] which was patched by [https://github.com/django/django/commit/8fd44b2551b9cca765b216a31306f9c6935f1492] which just encodes the referer like so:
{{{
                referer = force_text(request.META.get('HTTP_REFERER', ''), errors='replace')
}}}"	Bug	closed	HTTP handling	dev	Normal	fixed	middleware CsrfViewMiddleware UnicodeDecodeError		Ready for checkin	1	0	0	0	0	0