#23815: CsrfViewMiddleware UnicodeDecodeError
-------------------------------------+-------------------------------------
Reporter: codeitloadit | Owner: nobody
Type: Bug | Status: new
Component: HTTP handling | Version: master
Severity: Normal | Resolution:
Keywords: middleware CsrfViewMiddleware UnicodeDecodeError | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by living180):
I was able to reproduce with Django 1.7.2/Python 2.7.9. Reproducing
requires accessing Django using HTTPS, because the affected code is behind
`if request.is_secure():`. To achieve this, I used the `django-sslserver`
application (https://github.com/teddziuba/django-sslserver) in conjunction
with a simple project with the Django admin enabled. Using the `requests`
module to supply a bad `REFERER` header when POST-ing to the admin login
page:
{{{#!python
import requests
requests.post('https://localhost:8000/admin/login/',
              headers={'referer': '\xd8B\xf6I\xdf'},
              verify=False).text
}}}
I get the `UnicodeDecodeError`.
--
Ticket URL: <https://code.djangoproject.com/ticket/23815#comment:5>
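
The failure mode reported above, next to a check that treats an undecodable `Referer` as a failed check rather than an unhandled exception. This is an added example, not Django's code and not from the ticket; `naive_check`, `check_referer` and the reason strings are hypothetical names, and it assumes the header reaches the check as raw bytes.

```python
from urllib.parse import urlsplit

# Hypothetical reason strings for this example.
REASON_NO_REFERER = "no referer"
REASON_MALFORMED = "malformed referer"
REASON_BAD_ORIGIN = "referer does not match host"

# The header value from the reproduction in the ticket, as raw bytes.
BAD_REFERER = b"\xd8B\xf6I\xdf"


def naive_check(raw_referer, host):
    # Decoding assumes ASCII, so a byte such as 0xd8 raises
    # UnicodeDecodeError before any origin comparison happens.
    referer = raw_referer.decode("ascii")
    return referer.startswith("https://%s/" % host)


def check_referer(raw_referer, host):
    """Return (ok, reason); never raises on client-supplied bytes."""
    if not raw_referer:
        return False, REASON_NO_REFERER
    try:
        referer = raw_referer.decode("ascii")
        parts = urlsplit(referer)  # can raise ValueError, e.g. on "https://["
    except (UnicodeDecodeError, ValueError):
        return False, REASON_MALFORMED
    if parts.scheme != "https" or parts.netloc != host:
        return False, REASON_BAD_ORIGIN
    return True, ""


if __name__ == "__main__":
    host = "localhost:8000"
    # Constructed sample inputs; only the first comes from the ticket.
    for raw in (BAD_REFERER, b"", b"https://[",
                b"https://other.example/", b"https://localhost:8000/admin/login/"):
        print(repr(raw), check_referer(raw, host))
```
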