
Permitted domains settings to include csrf

`s/PERMITTED_DOMAINS/CSRF_PERMITTED_DOMAINS`, to express what this
setting directly affects.

Signed-off-by: Rohan Jain <crodjer@gmail.com>
commit cd6d781b044ad46ebdbc98950227aba823ddd2b1 1 parent ee52142
@crodjer authored
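--- a/django/middleware/csrf.py
+++ b/django/middleware/csrf.py
@@ -117,7 +117,7 @@ def process_view(self, request, callback, callback_args, callback_kwargs):
 # Note that host includes the port.
 host = request.META.get('HTTP_HOST', '')
 origin = request.META.get('HTTP_ORIGIN')
-permitted_domains = getattr(settings, 'PERMITTED_DOMAINS', [host])
+permitted_domains = getattr(settings, 'CSRF_PERMITTED_DOMAINS', [host])
 # If origin header exists, use it to check for csrf attacks.
 # Origin header is being compared to None here because we need to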
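Review bot: The lookup `getattr(settings, 'CSRF_PERMITTED_DOMAINS', [host])` has no fallback for the old name, so a project that still defines `PERMITTED_DOMAINS` gets no error and its allow-list is silently replaced by the same-host default. That default is the restrictive side, but an operator has no signal that the configured origins are no longer honoured; if the old name was ever usable outside this branch, read it as a fallback with a deprecation warning, e.g. `getattr(settings, 'CSRF_PERMITTED_DOMAINS', getattr(settings, 'PERMITTED_DOMAINS', [host]))`. The line also deserves a comment stating the entry format, such as `# CSRF_PERMITTED_DOMAINS: hosts whose Origin header is accepted; defaults to the request's own Host.` — the matching rules sit outside this hunk, so check that wording against them. process_view starts and ends outside the hunk.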
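--- a/tests/regressiontests/csrf_tests/tests.py
+++ b/tests/regressiontests/csrf_tests/tests.py
@@ -344,7 +344,7 @@ def view(request):
 self.assertTrue(resp2.cookies.get(settings.CSRF_COOKIE_NAME, False))
 self.assertTrue('Cookie' in resp2.get('Vary',''))
-@override_settings(PERMITTED_DOMAINS=['www.example.com'])
+@override_settings(CSRF_PERMITTED_DOMAINS=['www.example.com'])
 def test_good_origin_header(self):
 """
 Test if a good origin header is accepted for across subdomain settings.
@@ -355,7 +355,7 @@ def test_good_origin_header(self):
 req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
 self.assertEqual(None, req2)
-@override_settings(PERMITTED_DOMAINS=['example.com'])
+@override_settings(CSRF_PERMITTED_DOMAINS=['example.com'])
 def test_good_origin_header_3(self):
 """
 Test if a good origin header is accepted for a no subdomain.
@@ -387,7 +387,7 @@ def test_bad_origin_header(self):
 req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
 self.assertEqual(403, req2.status_code)
-@override_settings(PERMITTED_DOMAINS=['example.com'])
+@override_settings(CSRF_PERMITTED_DOMAINS=['example.com'])
 def test_bad_origin_header_2(self):
 """
 Test if a bad origin header is rejected for subdomains.
@@ -408,7 +408,7 @@ def test_bad_origin_header_3(self):
 req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
 self.assertEqual(403, req2.status_code)
-@override_settings(PERMITTED_DOMAINS=['crossdomain.com'])
+@override_settings(CSRF_PERMITTED_DOMAINS=['crossdomain.com'])
 def test_permitted_domains_cross(self):
 '''
 Test if permitted cross domains requests work
@@ -421,7 +421,7 @@ def test_permitted_domains_cross(self):
 req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
 self.assertEqual(None, req2)
-@override_settings(PERMITTED_DOMAINS=['example.com', '*.crossdomain.com'])
+@override_settings(CSRF_PERMITTED_DOMAINS=['example.com', '*.crossdomain.com'])
 def test_permitted_domains_cross_glob(self):
 '''
 Test if permitted cross domains specified in glob foramt work
@@ -434,7 +434,7 @@ def test_permitted_domains_cross_glob(self):
 req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
 self.assertEqual(None, req2)
-@override_settings(PERMITTED_DOMAINS=['example.com', 'valid.crossdomain.com'])
+@override_settings(CSRF_PERMITTED_DOMAINS=['example.com', 'valid.crossdomain.com'])
 def test_permitted_domains_cross_invalid(self):
 '''
 Test if permitted cross domains invalid check works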
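Review bot: The glob entry `'*.crossdomain.com'` in test_permitted_domains_cross_glob is paired here only with an accepting assertion (`self.assertEqual(None, req2)`); no hunk on this page shows a rejecting case for a glob. Origin allow-lists with wildcards tend to fail on boundary handling, so a negative test under `@override_settings(CSRF_PERMITTED_DOMAINS=['*.crossdomain.com'])` that sends an Origin whose host only ends in `crossdomain.com` without a dot boundary and asserts `self.assertEqual(403, req2.status_code)` would pin the matcher's behaviour. The test bodies lie mostly outside these hunks, so this may already be covered elsewhere in the file. The docstring typo `foramt` in the same test should read `format`.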