Commit 051cb1f4 authored by Florian Apolloner's avatar Florian Apolloner

Fixed #20411 -- Don't let invalid referers blow up CSRF same origin checks.

Thanks to edevil for the report and saz for the patch.
parent 9012a9e2
+4 −1
@@ -226,7 +226,10 @@ def same_origin(url1, url2):
    Checks if two URLs are 'same-origin'
    """
    p1, p2 = urllib_parse.urlparse(url1), urllib_parse.urlparse(url2)
    try:
        return (p1.scheme, p1.hostname, p1.port) == (p2.scheme, p2.hostname, p2.port)
    except ValueError:
        return False

def is_safe_url(url, host=None):
    """
+13 −0
@@ -283,6 +283,19 @@ class CsrfViewMiddlewareTest(TestCase):
        self.assertNotEqual(None, req2)
        self.assertEqual(403, req2.status_code)

    @override_settings(ALLOWED_HOSTS=['www.example.com'])
    def test_https_malformed_referer(self):
        """
        Test that a POST HTTPS request with a bad referer is rejected
        """
        req = self._get_POST_request_with_token()
        req._is_secure_override = True
        req.META['HTTP_HOST'] = 'www.example.com'
        req.META['HTTP_REFERER'] = 'http://http://www.example.com/'
        req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
        self.assertNotEqual(None, req2)
        self.assertEqual(403, req2.status_code)

    @override_settings(ALLOWED_HOSTS=['www.example.com'])
    def test_https_good_referer(self):
        """