Hopiu/django
1
0
Fork 0
mirror of https://github.com/Hopiu/django.git synced 2026-03-18 15:00:25 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
django/tests/settings_tests
History
Carlton Gibson 54d0f5e62f Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 
An HTTP request would not be redirected to HTTPS when the
SECURE_PROXY_SSL_HEADER and SECURE_SSL_REDIRECT settings were used if
the proxy connected to Django via HTTPS.

HttpRequest.scheme will now always trust the SECURE_PROXY_SSL_HEADER if
set, rather than falling back to the request scheme when the
SECURE_PROXY_SSL_HEADER did not have the secure value.

Thanks to Gavin Wahl for the report and initial patch suggestion, and
Shai Berger for review.
2019-07-01 07:48:04 +02:00
..
__init__.py Merged regressiontests and modeltests into the test root. 2013-02-26 14:36:57 +01:00
test_file_charset.py Fixed #29817 -- Deprecated settings.FILE_CHARSET. 2018-10-15 17:15:41 -04:00
tests.py Fixed CVE-2019-12781 -- Made HttpRequest always trust SECURE_PROXY_SSL_HEADER if set. 2019-07-01 07:48:04 +02:00