Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[1.4.x] Fixed #19172 -- Isolated poisoned_http_host tests from 500 ha…

…ndlers

Thanks bernardofontes for the report.

Backport of b774c59 from master.
  • Loading branch information...
commit ad2d57a2ccb6316001205739090a2a1d79453207 1 parent 37c87b7
@claudep claudep authored
Showing with 4 additions and 0 deletions.
  1. +4 −0 django/contrib/auth/tests/views.py
View
4 django/contrib/auth/tests/views.py
@@ -118,6 +118,8 @@ def test_admin_reset(self):
self.assertTrue("http://adminsite.com" in mail.outbox[0].body)
self.assertEqual(settings.DEFAULT_FROM_EMAIL, mail.outbox[0].from_email)
+ # Skip any 500 handler action (like sending more mail...)
+ @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
def test_poisoned_http_host(self):
"Poisoned HTTP_HOST headers can't be used for reset emails"
# This attack is based on the way browsers handle URLs. The colon
@@ -134,6 +136,8 @@ def test_poisoned_http_host(self):
)
self.assertEqual(len(mail.outbox), 0)
+ # Skip any 500 handler action (like sending more mail...)
+ @override_settings(DEBUG_PROPAGATE_EXCEPTIONS=True)
def test_poisoned_http_host_admin_site(self):
"Poisoned HTTP_HOST headers can't be used for reset emails on admin views"
with self.assertRaises(SuspiciousOperation):

0 comments on commit ad2d57a

Please sign in to comment.
Something went wrong with that request. Please try again.