python - How do I handle utf-8 vs. punycode issues in Django's csrf middleware? -


i have domain non-ascii characters similar http://blå.no domain registered punycode equivalent:

xn--bl-zia.no

which set in apache vhost:

<virtualhost *:443>     servername xn--bl-zia.no     ...

the problem i'm seeing coming request containing:

'http_user_agent': 'mozilla/5.0 (windows nt 6.3; wow64; trident/7.0; rv:11.0) gecko', 'http_host': 'xn--bl-zia.no', 'server_name': 'xn--bl-zia.no', 'http_referer': 'https://bl\xc3\xa5.no/login/ka/?next=/start-exam/participant-login/', 'http_x_requested_with': 'xmlhttprequest',

ie. referer sent utf-8 , not punycode. exception i'm getting is:

traceback (most recent call last):    file "/srv/cleanup-project/venv/dev/lib/python2.7/site-packages/django/core/handlers/base.py", line 153, in get_response     response = callback(request, **param_dict)    file "/srv/cleanup-project/venv/dev/lib/python2.7/site-packages/django/utils/decorators.py", line 87, in _wrapped_view     result = middleware.process_view(request, view_func, args, kwargs)    file "/srv/cleanup-project/venv/dev/lib/python2.7/site-packages/django/middleware/csrf.py", line 157, in process_view     reason = reason_bad_referer % (referer, good_referer)  unicodedecodeerror: 'ascii' codec can't decode byte 0xc3 in position 10: ordinal not in range(128)

the relevant code in csrf.py is:

            good_referer = 'https://%s/' % request.get_host()             if not same_origin(referer, good_referer):                 reason = reason_bad_referer % (referer, good_referer)

(get_host() uses server_name request)

is there native django way handle this, or need write middleware converts utf-8 punycode in domain part of referer header?

here's middleware solution..

import urlparse   class punycodeu8refererfixermiddleware(object):     def process_request(self, request):         servername = request.meta['server_name']         if 'xn--' not in servername:             return none          referer = request.meta.get("http_referer")         if not referer:             return none          url = urlparse.urlparse(referer)         try:             netloc = url.netloc.decode('u8')         except unicodedecodeerror:             return none          def isascii(txt):             return all(ord(ch) < 128 ch in txt)          netloc = '.'.join([             str(p) if isascii(p) else 'xn--' + p.encode('punycode')             p in netloc.split('.')         ])         url = url._replace(netloc=netloc)         request.meta['http_referer'] = urlparse.urlunparse(url)         return none

it tries bail possible when detects can't useful. must installed before csrf middleware of course.


Comments

Post a Comment

Popular posts from this blog

java - Spring Data JPA: Why findOne(id) executing delete query internally? -

i have 1 application using @manytomany annotation link 2 different entities 1 parent entity. not sure if have implemented properly. when execute .findone() on parent entity's repository find it, @ first fetch data along executing delete queries internally delete record mapping table (a table jpa creates after adding @manytomany annotation.). following generated sql queries , code snippet: java class @entity @table(name = "inventory") public class inventory { @id long id; // many other properties @manytomany(fetch=fetchtype.lazy) private list<stream> streams; @manytomany(fetch=fetchtype.lazy) private list<subject> subjects; } there no other annotation i've put in stream , subject entity class link inventory class. when run app, create following tables: inventory stream subject inventory_stream inventory_subject (inventory_stream , inventory_subject, 2 tables created automatically, don't k...
Read more

python - Mongodb How to add addtional information when aggregating? -

i beginner , wrote line pipeline works, wanna add other information output, screen name , or number of tweets.i tried add under $group gave me syntax error everytime here pipeline: def make_pipeline(): # complete aggregation pipeline pipeline = [ { '$match': { "user.statuses_count": {"$gt":99 }, "user.time_zone": "brasilia" } }, { "$group": { "_id": "$user.id", "followers": { "$max": "$user.followers_count" } } }, { "$sort": { "followers": -1 } }, { "$limit" : 1 } ]; i using on example : { "_id" : objectid("5304e2e3cc9e684aa98bef97"), "text" : "first week of school on :p", "in_reply_to_status_id" : null, "retweet_count" : null, ...
Read more

java - Incorrect order of records in M-M relationship in hibernate -

Image
i have 4 records in bridge table in mysql database. using @manytomany in hibernate, accurate order of employees incorrect incorrect of projects. following required material figure out doing mistake. this source. @entity @table(name="project") public class projectbean { @id @generatedvalue @column(name="project_id") private int projectid; @column(name="title") private string projecttitle; @manytomany(mappedby="projects") private collection<employeebean> employees; public projectbean() { employees = new arraylist<employeebean>(); } //getters & setters } @entity @table(name="employee") public class employeebean { @id @generatedvalue @column(name="employee_id") private int employee_id; @column(name="first_name") private string ...
Read more