id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
32571	CsrfViewMiddleware assumes referer header can be parsed	Chris Jerdonek	AdamDonna	"Django's `CsrfViewMiddleware` assumes that the HTTP referer header is valid when checking it. Specifically, it doesn't handle the case of `urlparse()` raising a `ValueError` in this line (e.g. for urls like `'https://['`):
https://github.com/django/django/blob/45814af6197cfd8f4dc72ee43b90ecde305a1d5a/django/middleware/csrf.py#L244"	Bug	closed	CSRF	3.1	Normal	fixed	referer,CSRF,CsrfViewMiddleware		Ready for checkin	1	0	0	0	0	0