id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
24321	`utils.http.same_origin` doesn't comply with RFC6454	Lukas Klein	nobody	"According to RFC6454 (http://tools.ietf.org/html/rfc6454#section-3.2.1) these should both be true:

{{{#!python
>>> from django.utils.http import same_origin
>>> same_origin('http://google.com', 'http://google.com')
True
>>> same_origin('http://google.com', 'http://google.com:80')
False
}}}

Quote:

    All of the following resources have the same origin:
     http://example.com/
     http://example.com:80/
     http://example.com/path/file
    Each of the URIs has the same scheme, host, and port components.

Django's `same_origin` uses the standard urllib, which will return an empty port if none is explicitly specified.

My suggestion (see GitHub pull request: https://github.com/django/django/pull/4108) is to extend `same_origin` to use a protocol-to-port-mapping if no port is explicitly declared."	Bug	new	Utilities	dev	Normal				Unreviewed	1	0	0	0	0	0
