Commit b5853cf0 authored by Aymeric Augustin's avatar Aymeric Augustin
Browse files

[1.3.X] Fixed #16632 -- Crash on responses without Content-Type with IE. Backport of r17196. 



git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.3.X@17198 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 68f37a90

django/http/utils.py

+2 −1
Original line number Diff line number Diff line
@@ -76,7 +76,8 @@ def fix_IE_for_vary(request, response): 


    # The first part of the Content-Type field will be the MIME type,

    # everything after ';', such as character-set, can be ignored.

    if response['Content-Type'].split(';')[0] not in safe_mime_types:

    mime_type = response.get('Content-Type', '').partition(';')[0]

    if mime_type not in safe_mime_types:

        try:

            del response['Vary']

        except KeyError:

tests/regressiontests/utils/http.py

+48 −0
Original line number Diff line number Diff line 
from django.utils import http

from django.utils import unittest

from django.http import HttpResponse, utils

from django.test import RequestFactory



class TestUtilsHttp(unittest.TestCase):
@@ -21,3 +23,49 @@ class TestUtilsHttp(unittest.TestCase): 
        self.assertFalse(http.same_origin('http://foo.com', 'http://foo.com.evil.com'))

        # Different port

        self.assertFalse(http.same_origin('http://foo.com:8000', 'http://foo.com:8001'))



    def test_fix_IE_for_vary(self):

        """

        Regression for #16632.



        `fix_IE_for_vary` shouldn't crash when there's no Content-Type header.

        """



        # functions to generate responses

        def response_with_unsafe_content_type():

            r = HttpResponse(content_type="text/unsafe")

            r['Vary'] = 'Cookie'

            return r



        def no_content_response_with_unsafe_content_type():

            # 'Content-Type' always defaulted, so delete it

            r = response_with_unsafe_content_type()

            del r['Content-Type']

            return r



        # request with & without IE user agent

        rf = RequestFactory()

        request = rf.get('/')

        ie_request = rf.get('/', HTTP_USER_AGENT='MSIE')



        # not IE, unsafe_content_type

        response = response_with_unsafe_content_type()

        utils.fix_IE_for_vary(request, response)

        self.assertTrue('Vary' in response)



        # IE, unsafe_content_type

        response = response_with_unsafe_content_type()

        utils.fix_IE_for_vary(ie_request, response)

        self.assertFalse('Vary' in response)



        # not IE, no_content

        response = no_content_response_with_unsafe_content_type()

        utils.fix_IE_for_vary(request, response)

        self.assertTrue('Vary' in response)



        # IE, no_content

        response = no_content_response_with_unsafe_content_type()

        utils.fix_IE_for_vary(ie_request, response)

        self.assertFalse('Vary' in response)