django4: access request headers through request.headers instead of request.META (#68571)

2022-08-31 09:13:37 +02:00 · 2022-08-31 09:13:37 +02:00 · 98783c8574
parent 7050da2320
commit 98783c8574
2 changed files with 3 additions and 3 deletions
--- a/mellon/middleware.py
+++ b/mellon/middleware.py
@ -47,8 +47,8 @@ class PassiveAuthenticationMiddleware(MiddlewareMixin):
        if request.headers.get('x-requested-with') == 'XMLHttpRequest':
            return
        # Skip AJAX and media/script requests, unless mellon_no_passive is False on the view
-        if getattr(view_func, 'mellon_no_passive', True) and 'text/html' not in request.META.get(
-            'HTTP_ACCEPT', ''
+        if getattr(view_func, 'mellon_no_passive', True) and 'text/html' not in request.headers.get(
+            'Accept', ''
        ):
            return
        # Skip views asking to be skiped
--- a/mellon/views.py
+++ b/mellon/views.py
@ -722,7 +722,7 @@ class LogoutView(ProfileMixin, LogMixin, View):
    def sp_logout_request(self, request):
        '''Launch a logout request to the identity provider'''
        next_url = request.GET.get(REDIRECT_FIELD_NAME)
-        referer = request.META.get('HTTP_REFERER')
+        referer = request.headers.get('Referer')
        if not referer or utils.same_origin(referer, request.build_absolute_uri()):
            if hasattr(request, 'user') and request.user.is_authenticated:
                logout = None