Re: [Django] #24321: `utils.http.same_origin` doesn't comply with RFC6454

2015-02-12 Thread Django 
#24321: `utils.http.same_origin` doesn't comply with RFC6454
+-
 Reporter:  lukasklein  |Owner:  nobody
 Type:  Bug |   Status:  closed
Component:  Utilities   |  Version:  master
 Severity:  Normal  |   Resolution:  fixed
 Keywords:  | Triage Stage:  Ready for checkin
Has patch:  1   |  Needs documentation:  0
  Needs tests:  0   |  Patch needs improvement:  0
Easy pickings:  0   |UI/UX:  0
+-

Comment (by Claude Paroz ):

 In [changeset:"1904022f91d0e987d972359d98993422db11ab3f"]:
 {{{
 #!CommitTicketReference repository=""
 revision="1904022f91d0e987d972359d98993422db11ab3f"
 [1.8.x] Fixed #24321 -- Improved `utils.http.same_origin` compliance with
 RFC6454

 Backport of 93b3ef9b2e from master.
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.72a93a82fadaa2a188a70d0841573a0f%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24321: `utils.http.same_origin` doesn't comply with RFC6454

2015-02-12 Thread Django 
#24321: `utils.http.same_origin` doesn't comply with RFC6454
+-
 Reporter:  lukasklein  |Owner:  nobody
 Type:  Bug |   Status:  closed
Component:  Utilities   |  Version:  master
 Severity:  Normal  |   Resolution:  fixed
 Keywords:  | Triage Stage:  Ready for checkin
Has patch:  1   |  Needs documentation:  0
  Needs tests:  0   |  Patch needs improvement:  0
Easy pickings:  0   |UI/UX:  0
+-
Changes (by Claude Paroz ):

 * status:  new => closed
 * resolution:   => fixed


Comment:

 In [changeset:"93b3ef9b2e191101c1a49b332d042864df74a658"]:
 {{{
 #!CommitTicketReference repository=""
 revision="93b3ef9b2e191101c1a49b332d042864df74a658"
 Fixed #24321 -- Improved `utils.http.same_origin` compliance with RFC6454
 }}}

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.675926c1bac97a4c82b174f66dc3fb41%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24321: `utils.http.same_origin` doesn't comply with RFC6454

2015-02-11 Thread Django 
#24321: `utils.http.same_origin` doesn't comply with RFC6454
+-
 Reporter:  lukasklein  |Owner:  nobody
 Type:  Bug |   Status:  new
Component:  Utilities   |  Version:  master
 Severity:  Normal  |   Resolution:
 Keywords:  | Triage Stage:  Ready for checkin
Has patch:  1   |  Needs documentation:  0
  Needs tests:  0   |  Patch needs improvement:  0
Easy pickings:  0   |UI/UX:  0
+-
Changes (by claudep):

 * stage:  Accepted => Ready for checkin


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.c63f0d424466ff9c6510c676ef6ab24d%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24321: `utils.http.same_origin` doesn't comply with RFC6454

2015-02-11 Thread Django 
#24321: `utils.http.same_origin` doesn't comply with RFC6454
+
 Reporter:  lukasklein  |Owner:  nobody
 Type:  Bug |   Status:  new
Component:  Utilities   |  Version:  master
 Severity:  Normal  |   Resolution:
 Keywords:  | Triage Stage:  Accepted
Has patch:  1   |  Needs documentation:  0
  Needs tests:  0   |  Patch needs improvement:  0
Easy pickings:  0   |UI/UX:  0
+
Changes (by berkerpeksag):

 * stage:  Unreviewed => Accepted


--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.e8bc62c186a9210f324a9041da09e103%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.

Re: [Django] #24321: `utils.http.same_origin` doesn't comply with RFC6454

2015-02-11 Thread Django 
#24321: `utils.http.same_origin` doesn't comply with RFC6454
+--
 Reporter:  lukasklein  |Owner:  nobody
 Type:  Bug |   Status:  new
Component:  Utilities   |  Version:  master
 Severity:  Normal  |   Resolution:
 Keywords:  | Triage Stage:  Unreviewed
Has patch:  1   |  Needs documentation:  0
  Needs tests:  0   |  Patch needs improvement:  0
Easy pickings:  0   |UI/UX:  0
+--
Changes (by lukasklein):

 * needs_docs:   => 0
 * needs_tests:   => 0
 * needs_better_patch:   => 0


Old description:

> According to RFC6454 (http://tools.ietf.org/html/rfc6454#section-3.2.1)
> this should both be true:
>
> {{{#!python
> >>> from django.utils.http import same_origin
> >>> same_origin('http://google.com', 'http://google.com')
> True
> >>> same_origin('http://google.com', 'http://google.com:80')
> False
> }}}
>
> Quote:
>
> All of the following resources have the same origin:
>  http://example.com/
>  http://example.com:80/
>  http://example.com/path/file
> Each of the URIs has the same scheme, host, and port components.
>
> Django's `same_origin` uses the standard urllib, which will return an
> empty port if none is explicitly specified.
>
> My suggestion (see GitHub pull request) is to extend `same_origin` to use
> a protocol-to-port-mapping if no port is explicitly declared.

New description:

 According to RFC6454 (http://tools.ietf.org/html/rfc6454#section-3.2.1)
 this should both be true:

 {{{#!python
 >>> from django.utils.http import same_origin
 >>> same_origin('http://google.com', 'http://google.com')
 True
 >>> same_origin('http://google.com', 'http://google.com:80')
 False
 }}}

 Quote:

 All of the following resources have the same origin:
  http://example.com/
  http://example.com:80/
  http://example.com/path/file
 Each of the URIs has the same scheme, host, and port components.

 Django's `same_origin` uses the standard urllib, which will return an
 empty port if none is explicitly specified.

 My suggestion (see GitHub pull request:
 https://github.com/django/django/pull/4108) is to extend `same_origin` to
 use a protocol-to-port-mapping if no port is explicitly declared.

--

--
Ticket URL: 
Django 
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/django-updates/068.0ff12b8395d611649988720fe4026ef0%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.