如何处理Django的csrf中间件中的utf8与punycode问题?

2024-09-25 08:26:10 发布

您现在位置:Python中文网/ 问答频道 /正文
5337 3

我有一个域,其非ascii字符类似于http://blå.no该域是用其等效punycode注册的:

xn--bl-zia.no

它也在Apache vhost中设置:

^{pr2}$

我看到的问题来自于一个包含以下内容的请求:

'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko',
'HTTP_HOST': 'xn--bl-zia.no',
'SERVER_NAME': 'xn--bl-zia.no',
'HTTP_REFERER': 'https://bl\xc3\xa5.no/login/ka/?next=/start-exam/participant-login/',
'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest',

也就是说,referer是作为utf-8而不是punycode发送的。我得到的例外是:

Traceback (most recent call last):

  File "/srv/cleanup-project/venv/dev/lib/python2.7/site-packages/django/core/handlers/base.py", line 153, in get_response
    response = callback(request, **param_dict)

  File "/srv/cleanup-project/venv/dev/lib/python2.7/site-packages/django/utils/decorators.py", line 87, in _wrapped_view
    result = middleware.process_view(request, view_func, args, kwargs)

  File "/srv/cleanup-project/venv/dev/lib/python2.7/site-packages/django/middleware/csrf.py", line 157, in process_view
    reason = REASON_BAD_REFERER % (referer, good_referer)

UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 10: ordinal not in range(128)

csrf.py中的相关代码是:

            good_referer = 'https://%s/' % request.get_host()
            if not same_origin(referer, good_referer):
                reason = REASON_BAD_REFERER % (referer, good_referer)

get_host()使用请求中的SERVER_NAME

有没有原生的Django方法来处理这个问题,或者我需要在referer头的域部分编写一个将utf-8转换成punycode的中间件吗?


Tags: noinpyviewhttpfilecleanupgood
1条回答
网友
1楼 · 发布于 2024-09-25 08:26:10

这里有一个中间件解决方案。。在

import urlparse


class PunyCodeU8RefererFixerMiddleware(object):
    def process_request(self, request):
        servername = request.META['SERVER_NAME']
        if 'xn ' not in servername:
            return None

        referer = request.META.get("HTTP_REFERER")
        if not referer:
            return None

        url = urlparse.urlparse(referer)
        try:
            netloc = url.netloc.decode('u8')
        except UnicodeDecodeError:
            return None

        def isascii(txt):
            return all(ord(ch) < 128 for ch in txt)

        netloc = '.'.join([
            str(p) if isascii(p) else 'xn ' + p.encode('punycode')
            for p in netloc.split('.')
        ])
        url = url._replace(netloc=netloc)
        request.META['HTTP_REFERER'] = urlparse.urlunparse(url)
        return None

当它发现自己做不到任何有用的事情时,它会尽可能早地保释。当然,必须在安装csrf中间件之前安装。在

相关问题 更多 >

    编程相关推荐