summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBenjamin Dauvergne <bdauvergne@entrouvert.com>2017-09-27 12:34:57 (GMT)
committerBenjamin Dauvergne <bdauvergne@entrouvert.com>2017-09-27 19:59:48 (GMT)
commit688067f27068f6c0450d76f67c71b7419db78138 (patch)
treeb740f2f1caa10efb4bfd3659be17dac2a73427da
parentcb3e18c8bafadaa18fb922602bfdf8c56cf79d3b (diff)
downloaddjango-mellon-688067f27068f6c0450d76f67c71b7419db78138.zip
django-mellon-688067f27068f6c0450d76f67c71b7419db78138.tar.gz
django-mellon-688067f27068f6c0450d76f67c71b7419db78138.tar.bz2
middleware: improve condition to automatically determine a common domain (fixes #15548)
It works if: - HTTP Host is a domain name and not an IP address (IPv6 address will not pass this test, they lack dots), - domain contains at least three components.
-rw-r--r--mellon/middleware.py6
1 files changed, 5 insertions, 1 deletions
diff --git a/mellon/middleware.py b/mellon/middleware.py
index 2c1d3fd..a0b814a 100644
--- a/mellon/middleware.py
+++ b/mellon/middleware.py
@@ -35,8 +35,12 @@ class PassiveAuthenticationMiddleware(object):
# get the common domain or guess
common_domain = app_settings.OPENED_SESSION_COOKIE_DOMAIN
if not common_domain:
+ host = request.get_host()
+ # accept automatic common domain selection if domain has at least three components
+ # and is not an IP address
+ if not host.count('.') > 1 or host.replace('.', '').isdigit():
+ return
common_domain = request.get_host().split('.', 1)[1]
- assert '.' in common_domain # if domain is xxx.com explode !
params = {
'next': request.build_absolute_uri(),
'passive': '',