Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

[1.3.X] Fixed #16632 -- Crash on responses without Content-Type with …

…IE. Backport of r17196.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
  • Loading branch information...
commit b5853cf043fe22277e5aff7648b5b1a74b778255 1 parent 68f37a9
@aaugustin aaugustin authored
Showing with 50 additions and 1 deletion.
  1. +2 −1  django/http/utils.py
  2. +48 −0 tests/regressiontests/utils/http.py
View
3  django/http/utils.py
@@ -76,7 +76,8 @@ def fix_IE_for_vary(request, response):
# The first part of the Content-Type field will be the MIME type,
# everything after ';', such as character-set, can be ignored.
- if response['Content-Type'].split(';')[0] not in safe_mime_types:
+ mime_type = response.get('Content-Type', '').partition(';')[0]
+ if mime_type not in safe_mime_types:
try:
del response['Vary']
except KeyError:
View
48 tests/regressiontests/utils/http.py
@@ -1,5 +1,7 @@
from django.utils import http
from django.utils import unittest
+from django.http import HttpResponse, utils
+from django.test import RequestFactory
class TestUtilsHttp(unittest.TestCase):
@@ -21,3 +23,49 @@ def test_same_origin_false(self):
self.assertFalse(http.same_origin('http://foo.com', 'http://foo.com.evil.com'))
# Different port
self.assertFalse(http.same_origin('http://foo.com:8000', 'http://foo.com:8001'))
+
+ def test_fix_IE_for_vary(self):
+ """
+ Regression for #16632.
+
+ `fix_IE_for_vary` shouldn't crash when there's no Content-Type header.
+ """
+
+ # functions to generate responses
+ def response_with_unsafe_content_type():
+ r = HttpResponse(content_type="text/unsafe")
+ r['Vary'] = 'Cookie'
+ return r
+
+ def no_content_response_with_unsafe_content_type():
+ # 'Content-Type' always defaulted, so delete it
+ r = response_with_unsafe_content_type()
+ del r['Content-Type']
+ return r
+
+ # request with & without IE user agent
+ rf = RequestFactory()
+ request = rf.get('/')
+ ie_request = rf.get('/', HTTP_USER_AGENT='MSIE')
+
+ # not IE, unsafe_content_type
+ response = response_with_unsafe_content_type()
+ utils.fix_IE_for_vary(request, response)
+ self.assertTrue('Vary' in response)
+
+ # IE, unsafe_content_type
+ response = response_with_unsafe_content_type()
+ utils.fix_IE_for_vary(ie_request, response)
+ self.assertFalse('Vary' in response)
+
+ # not IE, no_content
+ response = no_content_response_with_unsafe_content_type()
+ utils.fix_IE_for_vary(request, response)
+ self.assertTrue('Vary' in response)
+
+ # IE, no_content
+ response = no_content_response_with_unsafe_content_type()
+ utils.fix_IE_for_vary(ie_request, response)
+ self.assertFalse('Vary' in response)
+
+
Please sign in to comment.
Something went wrong with that request. Please try again.