def test_process_view_replace_https_referer(self):
post_middleware = CorsPostCsrfMiddleware()
request = Mock(path='/')
request.method = 'GET'
request.is_secure = lambda: True
request.META = {
'HTTP_REFERER': 'https://foo.google.com/',
'HTTP_HOST': 'foobar.com',
'HTTP_ORIGIN': 'https://foo.google.com',
}
with settings_override(CORS_URLS_REGEX='^.*$',
CORS_ORIGIN_REGEX_WHITELIST='.*google.*',
CORS_REPLACE_HTTPS_REFERER=True):
response = self.middleware.process_view(request, None, None, None)
self.assertIsNone(response)
self.assertEquals(request.META['ORIGINAL_HTTP_REFERER'], 'https://foo.google.com/')
self.assertEquals(request.META['HTTP_REFERER'], 'https://foobar.com/')
with settings_override(CORS_URLS_REGEX='^.*$', CORS_REPLACE_HTTPS_REFERER=True):
post_middleware.process_view(request, None, None, None)
self.assertTrue('ORIGINAL_HTTP_REFERER' not in request.META)
self.assertEquals(request.META['HTTP_REFERER'], 'https://foo.google.com/')
with settings_override(CORS_URLS_REGEX='^.*$', CORS_REPLACE_HTTPS_REFERER=True):
response = post_middleware.process_view(request, None, None, None)
self.assertIsNone(response)
def test_process_view_replace_https_referer(self):
post_middleware = CorsPostCsrfMiddleware()
request = Mock(path='/')
request.method = 'GET'
request.is_secure = lambda: True
request.META = {
'HTTP_REFERER': 'https://foo.google.com/',
'HTTP_HOST': 'foobar.com',
'HTTP_ORIGIN': 'https://foo.google.com',
}
with settings_override(CORS_URLS_REGEX='^.*$',
CORS_ORIGIN_REGEX_WHITELIST='.*google.*',
CORS_REPLACE_HTTPS_REFERER=True):
response = self.middleware.process_view(request, None, None, None)
self.assertIsNone(response)
self.assertEquals(request.META['ORIGINAL_HTTP_REFERER'], 'https://foo.google.com/')
self.assertEquals(request.META['HTTP_REFERER'], 'https://foobar.com/')
with settings_override(CORS_URLS_REGEX='^.*$', CORS_REPLACE_HTTPS_REFERER=True):
post_middleware.process_view(request, None, None, None)
self.assertTrue('ORIGINAL_HTTP_REFERER' not in request.META)
self.assertEquals(request.META['HTTP_REFERER'], 'https://foo.google.com/')
with settings_override(CORS_URLS_REGEX='^.*$', CORS_REPLACE_HTTPS_REFERER=True):
response = post_middleware.process_view(request, None, None, None)
self.assertIsNone(response)
def test_process_view_replace_https_referer(self):
post_middleware = CorsPostCsrfMiddleware()
request = self.req_factory.get(
'/',
HTTP_FAKE_SECURE='true',
HTTP_HOST='foobar.com',
HTTP_ORIGIN='https://foo.google.com',
HTTP_REFERER='https://foo.google.com/',
)
response = self.middleware.process_view(request, None, None, None)
assert response is None
assert request.META['ORIGINAL_HTTP_REFERER'] == 'https://foo.google.com/'
assert request.META['HTTP_REFERER'] == 'https://foobar.com/'
post_middleware.process_view(request, None, None, None)
assert 'ORIGINAL_HTTP_REFERER' not in request.META
assert request.META['HTTP_REFERER'] == 'https://foo.google.com/'
response = post_middleware.process_view(request, None, None, None)
assert response is None
def test_process_view_replace_https_referer(self):
post_middleware = CorsPostCsrfMiddleware()
request = Mock(path='/')
request.method = 'GET'
request.is_secure = lambda: True
request.META = {
'HTTP_REFERER': 'https://foo.google.com/',
'HTTP_HOST': 'foobar.com',
'HTTP_ORIGIN': 'https://foo.google.com',
}
response = self.middleware.process_view(request, None, None, None)
assert response is None
assert request.META[
'ORIGINAL_HTTP_REFERER'] == 'https://foo.google.com/'
assert request.META['HTTP_REFERER'] == 'https://foobar.com/'
post_middleware.process_view(request, None, None, None)
assert 'ORIGINAL_HTTP_REFERER' not in request.META
assert request.META['HTTP_REFERER'] == 'https://foo.google.com/'
response = post_middleware.process_view(request, None, None, None)
assert response is None
