#32579: Two outdated code comments in CsrfViewMiddleware.process_view()
------------------------------------------------+------------------------------------
               Reporter:  Chris Jerdonek        |          Owner:  nobody
                   Type:  Cleanup/optimization  |         Status:  new
              Component:  CSRF                  |        Version:  dev
               Severity:  Normal                |       Keywords:  CsrfViewMiddleware
           Triage Stage:  Unreviewed            |      Has patch:  0
    Needs documentation:  0                     |    Needs tests:  0
Patch needs improvement:  0                     |  Easy pickings:  0
                  UI/UX:  0                     |
------------------------------------------------+------------------------------------
 I noticed that a couple code comments in
 `CsrfViewMiddleware.process_view()` are outdated:

 First, there's this one:
 
https://github.com/django/django/blob/41e6b2a3c5e723256506b9ff49437d52a1f3bf43/django/middleware/csrf.py#L333-L334
 which wasn't updated here:
 
https://github.com/django/django/commit/b0c56b895fd2694d7f5d4595bdbbc41916607f45

 There's also this one:
 
https://github.com/django/django/blob/41e6b2a3c5e723256506b9ff49437d52a1f3bf43/django/middleware/csrf.py#L314-L316
 which wasn't updated quite correctly here:
 
https://github.com/django/django/commit/ddf169cdaca91e92dd5bfe6796bb6f38369ecb68

 Something like this would be better for the second one:

 {{{
 - # If there isn't a CSRF_COOKIE_DOMAIN, require an exact match
 - # match on host:port. If not, obey the cookie rules (or those
 - # for the session cookie, if CSRF_USE_SESSIONS).
   good_referer = (
       settings.SESSION_COOKIE_DOMAIN
       if settings.CSRF_USE_SESSIONS
       else settings.CSRF_COOKIE_DOMAIN
   )
 - if good_referer is not None:
 -     server_port = request.get_port()
 -     if server_port not in ('443', '80'):
 -         good_referer = '%s:%s' % (good_referer, server_port)
 - else:
 + if good_referer is None:
 +     # If no cookie domain is configured, allow matching the
 +     # current host:port.
       try:
           # request.get_host() includes the port.
           good_referer = request.get_host()
       except DisallowedHost:
           pass
 + else:
 +     server_port = request.get_port()
 +     if server_port not in ('443', '80'):
 +         good_referer = '%s:%s' % (good_referer, server_port)
 }}}
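
Review bot: The new `else:` branch (the three lines that append `server_port` to `good_referer`) is left without any comment, while the removed comment was the only place that said the value follows the cookie rules, using `SESSION_COOKIE_DOMAIN` when `CSRF_USE_SESSIONS` is set and `CSRF_COOKIE_DOMAIN` otherwise. Consider a short comment at the top of that branch stating that the configured cookie domain is matched and that the port is appended only when it is not '443' or '80'. The new comment under `if good_referer is None:` could also mention that `good_referer` stays `None` when `request.get_host()` raises `DisallowedHost`, since the `except` clause only passes.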

-- 
Ticket URL: <https://code.djangoproject.com/ticket/32579>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
