#32596: Add a method to CsrfViewMiddleware to encapsulate its referer logic
-------------------------------------+-------------------------------------
Reporter: Chris Jerdonek | Owner: Chris
Type: | Jerdonek
Cleanup/optimization | Status: assigned
Component: CSRF | Version: dev
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
CsrfViewMiddleware,referer |
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------------+-------------------------------------
Comment (by Chris Jerdonek):
I posted a PR here: https://github.com/django/django/pull/14211
To go along with the refactor, the PR includes two related refactorings,
one of which that can also be viewed as an optimization (this is the one
alluded to in my original comment above).
I also improved the tests to go along with the refactor. These are
included in the same commit as the refactor and check that an exception
was raised by the method. This is similar to how the `HTTP_ORIGIN` tests
also test the `_origin_verified()` method in addition to testing
`process_view()`.
While working on enhancing those tests, I also discovered two code paths
that previously weren't covered, so I added tests for those in a separate
commit, before the refactor.
--
Ticket URL: <https://code.djangoproject.com/ticket/32596#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/067.eb5daab98f8fff18193dde6d59524c4c%40djangoproject.com.
