
Showing content from https://github.com/django/django/commit/27cd872e6e36a81d0bb6f5b8765a1705fecfc253 below:

[1.3.x] Added ALLOWED_HOSTS setting for HTTP host header validation. · django/django@27cd872 · GitHub

@@ -63,43 +63,49 @@ def test_httprequest_location(self):

63 63

'http://www.example.com/path/with:colons')

64 64 65 65

def test_http_get_host(self):

66 -

old_USE_X_FORWARDED_HOST = settings.USE_X_FORWARDED_HOST

66 +

_old_USE_X_FORWARDED_HOST = settings.USE_X_FORWARDED_HOST

67 +

_old_ALLOWED_HOSTS = settings.ALLOWED_HOSTS

67 68

try:

68 69

settings.USE_X_FORWARDED_HOST = False

70 +

settings.ALLOWED_HOSTS = [

71 +

'forward.com', 'example.com', 'internal.com', '12.34.56.78',

72 +

'[2001:19f0:feee::dead:beef:cafe]', 'xn--4ca9at.com',

73 +

'.multitenant.com', 'INSENSITIVE.com',

74 +

]

69 75 70 76

# Check if X_FORWARDED_HOST is provided.

71 77

request = HttpRequest()

72 78

request.META = {

73 -

u'HTTP_X_FORWARDED_HOST': u'forward.com',

74 -

u'HTTP_HOST': u'example.com',

75 -

u'SERVER_NAME': u'internal.com',

76 -

u'SERVER_PORT': 80,

79 +

'HTTP_X_FORWARDED_HOST': 'forward.com',

80 +

'HTTP_HOST': 'example.com',

81 +

'SERVER_NAME': 'internal.com',

82 +

'SERVER_PORT': 80,

77 83

}

78 84

# X_FORWARDED_HOST is ignored.

79 85

self.assertEqual(request.get_host(), 'example.com')

80 86 81 87

# Check if X_FORWARDED_HOST isn't provided.

82 88

request = HttpRequest()

83 89

request.META = {

84 -

u'HTTP_HOST': u'example.com',

85 -

u'SERVER_NAME': u'internal.com',

86 -

u'SERVER_PORT': 80,

90 +

'HTTP_HOST': 'example.com',

91 +

'SERVER_NAME': 'internal.com',

92 +

'SERVER_PORT': 80,

87 93

}

88 94

self.assertEqual(request.get_host(), 'example.com')

89 95 90 96

# Check if HTTP_HOST isn't provided.

91 97

request = HttpRequest()

92 98

request.META = {

93 -

u'SERVER_NAME': u'internal.com',

94 -

u'SERVER_PORT': 80,

99 +

'SERVER_NAME': 'internal.com',

100 +

'SERVER_PORT': 80,

95 101

}

96 102

self.assertEqual(request.get_host(), 'internal.com')

97 103 98 104

# Check if HTTP_HOST isn't provided, and we're on a nonstandard port

99 105

request = HttpRequest()

100 106

request.META = {

101 -

u'SERVER_NAME': u'internal.com',

102 -

u'SERVER_PORT': 8042,

107 +

'SERVER_NAME': 'internal.com',

108 +

'SERVER_PORT': 8042,

103 109

}

104 110

self.assertEqual(request.get_host(), 'internal.com:8042')

105 111

@@ -112,6 +118,9 @@ def test_http_get_host(self):

112 118

'[2001:19f0:feee::dead:beef:cafe]',

113 119

'[2001:19f0:feee::dead:beef:cafe]:8080',

114 120

'xn--4ca9at.com', # Punnycode for öäü.com

121 +

'anything.multitenant.com',

122 +

'multitenant.com',

123 +

'insensitive.com',

115 124

]

116 125 117 126

poisoned_hosts = [

@@ -120,6 +129,7 @@ def test_http_get_host(self):

120 129

'example.com:dr.frankenstein@evil.tld:80',

121 130

'example.com:80/badpath',

122 131

'example.com: recovermypassword.com',

132 +

'other.com', # not in ALLOWED_HOSTS

123 133

]

124 134 125 135

for host in legit_hosts:

@@ -130,55 +140,57 @@ def test_http_get_host(self):

130 140

request.get_host()

131 141 132 142

for host in poisoned_hosts:

133 -

def test_host_poisoning():

143 +

def _test():

134 144

request = HttpRequest()

135 145

request.META = {

136 146

'HTTP_HOST': host,

137 147

}

138 148

request.get_host()

139 -

self.assertRaises(SuspiciousOperation, test_host_poisoning)

140 - 149 +

self.assertRaises(SuspiciousOperation, _test)

141 150

finally:

142 -

settings.USE_X_FORWARDED_HOST = old_USE_X_FORWARDED_HOST

151 +

settings.ALLOWED_HOSTS = _old_ALLOWED_HOSTS

152 +

settings.USE_X_FORWARDED_HOST = _old_USE_X_FORWARDED_HOST

143 153 144 154

def test_http_get_host_with_x_forwarded_host(self):

145 -

old_USE_X_FORWARDED_HOST = settings.USE_X_FORWARDED_HOST

155 +

_old_USE_X_FORWARDED_HOST = settings.USE_X_FORWARDED_HOST

156 +

_old_ALLOWED_HOSTS = settings.ALLOWED_HOSTS

146 157

try:

147 158

settings.USE_X_FORWARDED_HOST = True

159 +

settings.ALLOWED_HOSTS = ['*']

148 160 149 161

# Check if X_FORWARDED_HOST is provided.

150 162

request = HttpRequest()

151 163

request.META = {

152 -

u'HTTP_X_FORWARDED_HOST': u'forward.com',

153 -

u'HTTP_HOST': u'example.com',

154 -

u'SERVER_NAME': u'internal.com',

155 -

u'SERVER_PORT': 80,

164 +

'HTTP_X_FORWARDED_HOST': 'forward.com',

165 +

'HTTP_HOST': 'example.com',

166 +

'SERVER_NAME': 'internal.com',

167 +

'SERVER_PORT': 80,

156 168

}

157 169

# X_FORWARDED_HOST is obeyed.

158 170

self.assertEqual(request.get_host(), 'forward.com')

159 171 160 172

# Check if X_FORWARDED_HOST isn't provided.

161 173

request = HttpRequest()

162 174

request.META = {

163 -

u'HTTP_HOST': u'example.com',

164 -

u'SERVER_NAME': u'internal.com',

165 -

u'SERVER_PORT': 80,

175 +

'HTTP_HOST': 'example.com',

176 +

'SERVER_NAME': 'internal.com',

177 +

'SERVER_PORT': 80,

166 178

}

167 179

self.assertEqual(request.get_host(), 'example.com')

168 180 169 181

# Check if HTTP_HOST isn't provided.

170 182

request = HttpRequest()

171 183

request.META = {

172 -

u'SERVER_NAME': u'internal.com',

173 -

u'SERVER_PORT': 80,

184 +

'SERVER_NAME': 'internal.com',

185 +

'SERVER_PORT': 80,

174 186

}

175 187

self.assertEqual(request.get_host(), 'internal.com')

176 188 177 189

# Check if HTTP_HOST isn't provided, and we're on a nonstandard port

178 190

request = HttpRequest()

179 191

request.META = {

180 -

u'SERVER_NAME': u'internal.com',

181 -

u'SERVER_PORT': 8042,

192 +

'SERVER_NAME': 'internal.com',

193 +

'SERVER_PORT': 8042,

182 194

}

183 195

self.assertEqual(request.get_host(), 'internal.com:8042')

184 196

@@ -209,16 +221,33 @@ def test_http_get_host_with_x_forwarded_host(self):

209 221

request.get_host()

210 222 211 223

for host in poisoned_hosts:

212 -

def test_host_poisoning():

224 +

def _test():

213 225

request = HttpRequest()

214 226

request.META = {

215 227

'HTTP_HOST': host,

216 228

}

217 229

request.get_host()

218 -

self.assertRaises(SuspiciousOperation, test_host_poisoning)

230 +

self.assertRaises(SuspiciousOperation, _test)

231 +

finally:

232 +

settings.ALLOWED_HOSTS = _old_ALLOWED_HOSTS

233 +

settings.USE_X_FORWARDED_HOST = _old_USE_X_FORWARDED_HOST

234 + 235 +

def test_host_validation_disabled_in_debug_mode(self):

236 +

"""If ALLOWED_HOSTS is empty and DEBUG is True, all hosts pass."""

237 +

_old_DEBUG = settings.DEBUG

238 +

_old_ALLOWED_HOSTS = settings.ALLOWED_HOSTS

239 +

try:

240 +

settings.DEBUG = True

241 +

settings.ALLOWED_HOSTS = []

219 242 243 +

request = HttpRequest()

244 +

request.META = {

245 +

'HTTP_HOST': 'example.com',

246 +

}

247 +

self.assertEqual(request.get_host(), 'example.com')

220 248

finally:

221 -

settings.USE_X_FORWARDED_HOST = old_USE_X_FORWARDED_HOST

249 +

settings.DEBUG = _old_DEBUG

250 +

settings.ALLOWED_HOSTS = _old_ALLOWED_HOSTS

222 251 223 252

def test_near_expiration(self):

224 253

"Cookie will expire when an near expiration time is provided"


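Review bot: In test_http_get_host_with_x_forwarded_host the allow-list is `settings.ALLOWED_HOSTS = ['*']` and the poisoned values are supplied only through `'HTTP_HOST': host`, so no visible assertion shows that a value arriving in X-Forwarded-Host is checked against ALLOWED_HOSTS when USE_X_FORWARDED_HOST is True. That header is set by whatever sits in front of the application, so I would add a case with a restrictive list, e.g. `settings.ALLOWED_HOSTS = ['example.com']`, a request carrying `'HTTP_X_FORWARDED_HOST': 'other.com'`, and `self.assertRaises(SuspiciousOperation, request.get_host)`. Similarly, test_host_validation_disabled_in_debug_mode covers only the permissive branch; a companion test with `settings.DEBUG = False` and `settings.ALLOWED_HOSTS = []` that expects SuspiciousOperation would pin the rejecting behaviour the docstring implies. The poisoned_hosts list for the second test lies outside the visible hunks, so part of this may already be covered there.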