misc: return bad request messages as plain text (#41602)
parent
f16d316cef
commit
d67297c7aa
|
@ -23,9 +23,9 @@ from requests.exceptions import RequestException
|
|||
from xml.sax.saxutils import escape
|
||||
import xml.etree.ElementTree as ET
|
||||
|
||||
|
||||
import django.http
|
||||
from django.views.generic import View
|
||||
from django.http import HttpResponseBadRequest, HttpResponseRedirect, HttpResponse
|
||||
from django.http import HttpResponseRedirect, HttpResponse
|
||||
from django.contrib import auth
|
||||
from django.conf import settings
|
||||
from django.views.decorators.csrf import csrf_exempt
|
||||
|
@ -40,6 +40,7 @@ from django.utils.translation import ugettext as _
|
|||
|
||||
from . import app_settings, utils
|
||||
|
||||
|
||||
RETRY_LOGIN_COOKIE = 'MELLON_RETRY_LOGIN'
|
||||
|
||||
lasso.setFlag('thin-sessions')
|
||||
|
@ -55,6 +56,13 @@ EO_NS = 'https://www.entrouvert.com/'
|
|||
LOGIN_HINT = '{%s}login-hint' % EO_NS
|
||||
|
||||
|
||||
class HttpResponseBadRequest(django.http.HttpResponseBadRequest):
|
||||
def __init__(self, *args, **kwargs):
|
||||
kwargs['content_type'] = kwargs.get('content_type', 'text/plain')
|
||||
super(HttpResponseBadRequest, self).__init__(*args, **kwargs)
|
||||
self['X-Content-Type-Options'] = 'nosniff'
|
||||
|
||||
|
||||
class LogMixin(object):
|
||||
"""Initialize a module logger in new objects"""
|
||||
def __init__(self, *args, **kwargs):
|
||||
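Review bot: The `text/plain` default in the new `HttpResponseBadRequest.__init__` carries no charset parameter, and the test in this commit pins the header to exactly that value, so clients have to guess the encoding of messages that (given the `ugettext` import) may be translated and non-ASCII. I would write it as `kwargs.setdefault('content_type', 'text/plain; charset=utf-8')`, assuming the project keeps Django's default charset, and update the test's expected value to match. The class also shadows the Django name without explanation; a docstring such as `"""400 response sent as text/plain with nosniff, so message text is never rendered as HTML by the browser."""` would tell a later caller why passing `content_type='text/html'` back in defeats the purpose.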
|
|
|
@ -232,6 +232,8 @@ def test_malfortmed_artifact(private_settings, client, caplog):
|
|||
'METADATA': open('tests/metadata.xml').read(),
|
||||
}]
|
||||
response = client.get('/login/?SAMLart=xxx', status=400)
|
||||
assert response['Content-Type'] == 'text/plain'
|
||||
assert response['X-Content-Type-Options'] == 'nosniff'
|
||||
assert b'artifact is malformed' in response.content
|
||||
assert 'artifact is malformed' in caplog.text
|
||||
|
||||
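Review bot: The two new header assertions in `test_malfortmed_artifact` only cover the malformed-artifact path with the default content type; nothing checks that `X-Content-Type-Options: nosniff` is still set when a caller passes its own `content_type`, which is the case where the header matters most. A small direct test would pin that, e.g. `assert HttpResponseBadRequest('x', content_type='text/html')['X-Content-Type-Options'] == 'nosniff'`. The test function starts above this hunk, so its setup is not visible here.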
|
|