def test_no_match(self):
self.assertFalse(
same_origin('http://example.com', 'http://example.org'))
self.assertFalse(
same_origin('https://example.com', 'http://example.com'))
self.assertFalse(
same_origin('http://example.com:443', 'http://example.com:80'))
def test_match(self):
self.assertTrue(
same_origin('https://example.com', 'https://example.com'))
self.assertTrue(
same_origin('https://example.com:80', 'https://example.com:80'))
self.assertTrue(
same_origin('https://example.com:80/different/path?query=4&five=6',
'https://example.com:80/no/match#path'))
def get_audience(request):
"""
Determine the audience to use for verification from the given request.
Relies on the BROWSERID_AUDIENCES setting, which is an explicit list of acceptable
audiences for your site.
:returns:
The first audience in BROWSERID_AUDIENCES that has the same origin as the request's
URL.
:raises:
:class:`django.core.exceptions.ImproperlyConfigured`: If BROWSERID_AUDIENCES isn't
defined, or if no matching audience could be found.
"""
protocol = 'https' if request.is_secure() else 'http'
host = '{0}://{1}'.format(protocol, request.get_host())
try:
audiences = settings.BROWSERID_AUDIENCES
if not audiences and settings.DEBUG:
return host
except AttributeError:
if settings.DEBUG:
return host
raise ImproperlyConfigured('Required setting BROWSERID_AUDIENCES not found!')
for audience in audiences:
if same_origin(host, audience):
return audience
# No audience found? We must not be configured properly, otherwise why are we getting this
# request?
raise ImproperlyConfigured('No audience could be found in BROWSERID_AUDIENCES for host `{0}`.'
.format(host))
def get_audience(request):
"""
Determine the audience to use for verification from the given request.
Relies on the BROWSERID_AUDIENCES setting, which is an explicit list of acceptable
audiences for your site.
:returns:
The first audience in BROWSERID_AUDIENCES that has the same origin as the request's
URL.
:raises:
:class:`django.core.exceptions.ImproperlyConfigured`: If BROWSERID_AUDIENCES isn't
defined, or if no matching audience could be found.
"""
protocol = 'https' if request.is_secure() else 'http'
host = '{0}://{1}'.format(protocol, request.get_host())
try:
audiences = settings.BROWSERID_AUDIENCES
if not audiences and settings.DEBUG:
return host
except AttributeError:
if settings.DEBUG:
return host
raise ImproperlyConfigured(
'Required setting BROWSERID_AUDIENCES not found!')
for audience in audiences:
if same_origin(host, audience):
return audience
# No audience found? We must not be configured properly, otherwise why are we getting this
# request?
raise ImproperlyConfigured(
'No audience could be found in BROWSERID_AUDIENCES for host `{0}`.'.
format(host))
def test_no_match(self):
self.assertFalse(same_origin("http://example.com", "http://example.org"))
self.assertFalse(same_origin("https://example.com", "http://example.com"))
self.assertFalse(same_origin("http://example.com:443", "http://example.com:80"))
def test_match(self):
self.assertTrue(same_origin("https://example.com", "https://example.com"))
self.assertTrue(same_origin("https://example.com:80", "https://example.com:80"))
self.assertTrue(
same_origin("https://example.com:80/different/path?query=4&five=6", "https://example.com:80/no/match#path")
)
