#24321: `utils.http.same_origin` doesn't comply with RFC6454
----------------------------+--------------------
     Reporter:  lukasklein  |      Owner:  nobody
         Type:  Bug         |     Status:  new
    Component:  Utilities   |    Version:  master
     Severity:  Normal      |   Keywords:
 Triage Stage:  Unreviewed  |  Has patch:  1
Easy pickings:  0           |      UI/UX:  0
----------------------------+--------------------
 According to RFC6454 (http://tools.ietf.org/html/rfc6454#section-3.2.1)
 these should both be true:

 {{{#!python
 >>> from django.utils.http import same_origin
 >>> same_origin('http://google.com', 'http://google.com')
 True
 >>> same_origin('http://google.com', 'http://google.com:80')
 False
 }}}

 Quote:

     All of the following resources have the same origin:
      http://example.com/
      http://example.com:80/
      http://example.com/path/file
     Each of the URIs has the same scheme, host, and port components.

 Django's `same_origin` uses the standard urllib, which will return an
 empty port if none is explicitly specified.

 My suggestion (see GitHub pull request) is to extend `same_origin` to use
 a protocol-to-port-mapping if no port is explicitly declared.

--
Ticket URL: <https://code.djangoproject.com/ticket/24321>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
