-rwxr-xr-x | .gitignore | 1 | ||||
-rw-r--r-- | askbot/doc/source/changelog.rst | 1 | ||||
-rw-r--r-- | askbot/startup_procedures.py | 29 |
3 files changed, 31 insertions, 0 deletions
@@ -14,6 +14,7 @@ settings.py *.iml lint env +/static django django/* nbproject diff --git a/askbot/doc/source/changelog.rst b/askbot/doc/source/changelog.rst index 33a6dbb2..c26ce8c2 100644 --- a/askbot/doc/source/changelog.rst +++ b/askbot/doc/source/changelog.rst @@ -4,6 +4,7 @@ Changes in Askbot Development version (not released yet) -------------------------------------- * Made email recovery link work when askbot is deployed on subdirectory (Evgeny) +* Added tests for the CSRF_COOKIE_DOMAIN setting in the startup_procedures (Evgeny) 0.7.39 (Jan 11, 2012) --------------------- diff --git a/askbot/startup_procedures.py b/askbot/startup_procedures.py index 05426898..8d3f4a75 100644 --- a/askbot/startup_procedures.py +++ b/askbot/startup_procedures.py @@ -9,6 +9,7 @@ the main function is run_startup_tests """ import sys import os +import re from django.db import transaction from django.conf import settings as django_settings from django.core.exceptions import ImproperlyConfigured 
@@ -272,6 +273,33 @@ class SettingsTester(object): '\n\n* '.join(self.messages) ) +def test_csrf_cookie_domain(): + """makes sure that csrf cookie domain setting is acceptable""" + #todo: maybe use the same steps to clean domain name + csrf_cookie_domain = django_settings.CSRF_COOKIE_DOMAIN + if csrf_cookie_domain == 'localhost': + raise ImproperlyConfigured( + PREAMBLE + + '\n\nPlease do not use value "localhost" for the setting ' + 'CSRF_COOKIE_DOMAIN\n' + 'instead use 127.0.0.1, a real IP ' + 'address or domain name.' + '\nThe value must match the network location you type in the ' + 'web browser to reach your site.' + ) + if re.match(r'https?://', csrf_cookie_domain): + raise ImproperlyConfigured( + PREAMBLE + + '\n\nplease remove http(s):// prefix in the CSRF_COOKIE_DOMAIN ' + 'setting' + ) + if ':' in csrf_cookie_domain: + raise ImproperlyConfigured( + PREAMBLE + + '\n\nPlease do not use port number in the CSRF_COOKIE_DOMAIN ' + 'setting' + ) + def run_startup_tests(): """function that runs all startup tests, mainly checking settings config so far @@ -285,6 +313,7 @@ def run_startup_tests(): #test_postgres() test_middleware() test_celery() + test_csrf_cookie_domain() settings_tester = SettingsTester({ 'CACHE_MIDDLEWARE_ANONYMOUS_ONLY': { 'value': True, |
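Review bot: `test_csrf_cookie_domain` passes `django_settings.CSRF_COOKIE_DOMAIN` straight to `re.match(r'https?://', ...)` and `':' in ...`, so a value of `None` raises a bare `TypeError` at startup instead of an `ImproperlyConfigured` message with the PREAMBLE. `None` is Django's default for this setting and produces a host-only cookie, which is the narrowest scope, so it should be accepted rather than crash. The last hunk calls the check from `run_startup_tests`, so any deployment that leaves the setting unset would presumably hit this. Adding `if csrf_cookie_domain is None: return` right after the assignment avoids it; if Askbot does require an explicit value, raise `ImproperlyConfigured` saying so instead. The docstring could also state which values are rejected (`localhost`, an `http(s)://` prefix, a port) and that the value must match the host typed in the browser.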