
Some more tests for permitted domains

Signed-off-by: Rohan Jain <crodjer@gmail.com>
1 parent 5df40b4 commit ee5214265835b0a315f660b98be5e8feeea57211 @crodjer committed
Showing with 39 additions and 0 deletions.
  1. +39 −0 tests/regressiontests/csrf_tests/tests.py
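--- a/tests/regressiontests/csrf_tests/tests.py
+++ b/tests/regressiontests/csrf_tests/tests.py
@@ -407,3 +407,42 @@ def test_bad_origin_header_3(self):
 req.META['HTTP_ORIGIN'] = 'http://www.evil.com'
 req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
 self.assertEqual(403, req2.status_code)
+
+ @override_settings(PERMITTED_DOMAINS=['crossdomain.com'])
+ def test_permitted_domains_cross(self):
+ '''
+ Test if permitted cross domains requests work
+ '''
+ req = self._get_POST_request_with_token()
+ req.META['HTTP_HOST'] = 'example.com'
+ req.META['HTTP_ORIGIN'] = 'http://crossdomain.com'
+ req.META['HTTP_REFERER'] = 'http://crossdomain.com'
+
+ req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
+ self.assertEqual(None, req2)
+
+ @override_settings(PERMITTED_DOMAINS=['example.com', '*.crossdomain.com'])
+ def test_permitted_domains_cross_glob(self):
+ '''
+ Test if permitted cross domains specified in glob foramt work
+ '''
+ req = self._get_POST_request_with_token()
+ req.META['HTTP_HOST'] = 'example.com'
+ req.META['HTTP_ORIGIN'] = 'http://test.crossdomain.com'
+ req.META['HTTP_REFERER'] = 'http://test.crossdomain.com'
+
+ req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
+ self.assertEqual(None, req2)
+
+ @override_settings(PERMITTED_DOMAINS=['example.com', 'valid.crossdomain.com'])
+ def test_permitted_domains_cross_invalid(self):
+ '''
+ Test if permitted cross domains invalid check works
+ '''
+ req = self._get_POST_request_with_token()
+ req.META['HTTP_HOST'] = 'example.com'
+ req.META['HTTP_ORIGIN'] = 'http://invalid.crossdomain.com'
+ req.META['HTTP_REFERER'] = 'http://invalid.crossdomain.com'
+
+ req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
+ self.assertEqual(403, req2.status_code)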
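Review bot: The glob entry `'*.crossdomain.com'` in test_permitted_domains_cross_glob is only exercised with a host that should match, so nothing in these tests pins down that the pattern rejects hosts which merely contain or end with the permitted domain. The only rejection test, test_permitted_domains_cross_invalid, uses an exact-match list, so a loose suffix or substring comparison in the glob path would still pass all three tests. A negative glob test along the lines below would close that gap; the two origins in it are constructed sample values. Every test here also sets Origin and Referer to the same value, so a request where one header is permitted and the other is not is presumably untested. The enclosing test class starts outside this hunk.

```python
    @override_settings(PERMITTED_DOMAINS=['example.com', '*.crossdomain.com'])
    def test_permitted_domains_cross_glob_invalid(self):
        '''
        Test that a glob entry does not permit hosts that merely contain
        or end with the permitted domain
        '''
        # Constructed look-alike hosts; neither is a subdomain of crossdomain.com
        for origin in ('http://notcrossdomain.com',
                       'http://test.crossdomain.com.evil.com'):
            req = self._get_POST_request_with_token()
            req.META['HTTP_HOST'] = 'example.com'
            req.META['HTTP_ORIGIN'] = origin
            req.META['HTTP_REFERER'] = origin

            req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
            self.assertEqual(403, req2.status_code)
```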
