Opened 7 years ago

Closed 7 years ago

#27606 closed Bug (fixed)

Error in formatting HttpResponseRedirect when __init__() raises DisallowedHost

Reported by: Jerome Leclanche Owned by: Jerome Leclanche
Component: HTTP handling Version: 1.10
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: yes UI/UX: no

Description (last modified by Jerome Leclanche)

When initializing an HttpResponseRedirect with a redirect url that does not match the allowed_schemes attribute, the DisallowedRedirect exception is raised before super(HttpResponseRedirectBase, self).__init__(*args, **kwargs) is called, which sets self._headers.

This causes repr()ing/printing the response to error out with AttributeError: 'HttpResponseRedirect' object has no attribute '_headers'.

Ref: django/http/response.py (HttpResponseRedirectBase)

Attachments (1)

example.png (56.5 KB ) - added by Jerome Leclanche 7 years ago.
Example screenshot

Download all attachments as: .zip

Change History (14)

comment:1 by Jerome Leclanche, 7 years ago

Description: modified (diff)

comment:2 by Tim Graham, 7 years ago

Component: UncategorizedHTTP handling

Could you provide a complete snippet or a test for Django's test suite that demonstrates the problem?

by Jerome Leclanche, 7 years ago

Attachment: example.png added

Example screenshot

comment:3 by Jerome Leclanche, 7 years ago

The easiest way to reproduce it is to initialize HttpResponseRedirect("invalid-scheme://foo") from a django view and look at the resulting debug variables. It's a trivial error as it *should* only appear when catching the exception and debugging it.

comment:4 by Tim Graham, 7 years ago

Thanks. HttpResponseBase aliases __str__ = serialize_headers. A solution could be to define a complete __str__ that uses the value of super() if self._headers isn't set. I'm not sure it's worth it. Is the formatting error more than a minor cosmetic problem?

comment:5 by Jerome Leclanche, 7 years ago

In 95% of cases it's just a cosmetic issue on the django debug page, but I suspect it might actually obscure other bugs, especially if someone is using Sentry or a similar exception catcher.

Is there a reason why the exception is raised before super()? It seems incorrect to do so at first glance.

comment:6 by Tim Graham, 7 years ago

Easy pickings: set
Summary: Error in formatting HttpResponseRedirectError in formatting HttpResponseRedirect when __init__() raises DisallowedHost
Triage Stage: UnreviewedAccepted

I think it would be fine.

in reply to:  6 comment:7 by Babatunde Akinyanmi, 7 years ago

Replying to Tim Graham:

I think it would be fine.

Do you mean it would be fine to call super before raising the exception?

comment:8 by Tim Graham, 7 years ago

Yes.

comment:9 by Jerome Leclanche, 7 years ago

Owner: changed from nobody to Jerome Leclanche
Status: newassigned

comment:11 by Tim Graham, 7 years ago

Has patch: set
Needs tests: set

comment:12 by Claude Paroz, 7 years ago

Needs tests: unset

comment:13 by Tim Graham <timograham@…>, 7 years ago

Resolution: fixed
Status: assignedclosed

In a849ec18:

Fixed #27606 -- Fixed HttpResponseRedirect.repr() crash when DisallowedRedirect is raised.

Note: See TracTickets for help on using tickets.
Back to Top