#32578: Handle request.get_host() raising DisallowedHost in
CsrfViewMiddleware._origin_verified()
-------------------------------------+-------------------------------------
Reporter: Chris | Owner: nobody
Jerdonek |
Type: | Status: new
Uncategorized |
Component: CSRF | Version: dev
Severity: Normal | Keywords:
Triage Stage: | CsrfViewMiddleware,DisallowedHost
Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-------------------------------------+-------------------------------------
Currently, on this line, `CsrfViewMiddleware._origin_verified()` doesn't
handle `request.get_host()` raising `DisallowedHost`:
https://github.com/django/django/blob/41e6b2a3c5e723256506b9ff49437d52a1f3bf43/django/middleware/csrf.py#L229-L231
Since Django was previously fixed to handle `request.get_host()` raising
`DisallowedHost` elsewhere in `CsrfViewMiddleware.process_view()` (see
ticket #28693), it seems like it should be handled here, too.
--
Ticket URL: <https://code.djangoproject.com/ticket/32578>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/052.07ec2d9414bf3ae8d016dd4a34a4dc04%40djangoproject.com.
