0001-misc-return-bad-request-messages-as-plain-text-41602.patch
mellon/views.py | ||
---|---|---|
23 | 23 |
from xml.sax.saxutils import escape |
24 | 24 |
import xml.etree.ElementTree as ET |
25 | 25 | |
26 | ||
26 |
import django.http |
|
27 | 27 |
from django.views.generic import View |
28 |
from django.http import HttpResponseBadRequest, HttpResponseRedirect, HttpResponse
|
|
28 |
from django.http import HttpResponseRedirect, HttpResponse |
|
29 | 29 |
from django.contrib import auth |
30 | 30 |
from django.conf import settings |
31 | 31 |
from django.views.decorators.csrf import csrf_exempt |
... | ... | |
40 | 40 | |
41 | 41 |
from . import app_settings, utils |
42 | 42 | |
43 | ||
43 | 44 |
RETRY_LOGIN_COOKIE = 'MELLON_RETRY_LOGIN' |
44 | 45 | |
45 | 46 |
lasso.setFlag('thin-sessions') |
... | ... | |
55 | 56 |
LOGIN_HINT = '{%s}login-hint' % EO_NS |
56 | 57 | |
57 | 58 | |
59 |
class HttpResponseBadRequest(django.http.HttpResponseBadRequest): |
|
60 |
def __init__(self, *args, **kwargs): |
|
61 |
kwargs['content_type'] = kwargs.get('content_type', 'text/plain') |
|
62 |
super(HttpResponseBadRequest, self).__init__(*args, **kwargs) |
|
63 |
self['X-Content-Type-Options'] = 'nosniff' |
|
64 | ||
65 | ||
58 | 66 |
class LogMixin(object): |
59 | 67 |
"""Initialize a module logger in new objects""" |
60 | 68 |
def __init__(self, *args, **kwargs): |
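Review bot: The default on new line 61 is a bare `text/plain`, so these 400 responses carry no charset parameter (Django only appends one when no content type is passed, and the test's equality against `'text/plain'` confirms the header goes out that way). `X-Content-Type-Options: nosniff` stops MIME-type sniffing but says nothing about encoding, so a client has to guess how to decode any non-ASCII text in the message; I would write `kwargs.setdefault('content_type', 'text/plain; charset=utf-8')`, which also replaces the get-then-assign. The class shadows Django's own `HttpResponseBadRequest` and has no docstring; a one-line `"""400 response forced to text/plain with nosniff so the message body is never interpreted as HTML."""` would tell the next reader why. Call sites are outside this hunk: any that still wrap the message in `escape()` (imported on line 23) would now show literal entities to the user, so they are worth checking.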
tests/test_views.py | ||
---|---|---|
232 | 232 |
'METADATA': open('tests/metadata.xml').read(), |
233 | 233 |
}] |
234 | 234 |
response = client.get('/login/?SAMLart=xxx', status=400) |
235 |
assert response['Content-Type'] == 'text/plain' |
|
236 |
assert response['X-Content-Type-Options'] == 'nosniff' |
|
235 | 237 |
assert b'artifact is malformed' in response.content |
236 | 238 |
assert 'artifact is malformed' in caplog.text |
237 | 239 | |
238 |
- |
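Review bot: The assertion on new line 235 compares the whole header to `'text/plain'`, which pins the absence of a charset parameter as well as the media type and will fail as soon as one is added. If only the media type matters, `assert response['Content-Type'].split(';')[0].strip() == 'text/plain'` is sturdier; if the bare value is intended, a short comment saying so would help. Only the malformed-artifact path is checked here; other views returning this response class are outside the hunk and presumably rely on the same defaults, so one more 400 case would guard against a call site passing its own `content_type`. The test function starts above the hunk.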