2015-04-28 14 views
2

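How do I handle the utf-8 vs. punycode issue in Django's csrf middleware?

I have a domain with non-ASCII characters, similar to http://blå.no, that is registered with its Punycode equivalent: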

xn--bl-zia.no 

It is also set up that way in the Apache virtual host:

<VirtualHost *:443> 
    ServerName xn--bl-zia.no 
    ... 

The problem I'm seeing is that the request contains:

'HTTP_USER_AGENT': 'Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko', 
'HTTP_HOST': 'xn--bl-zia.no', 
'SERVER_NAME': 'xn--bl-zia.no', 
'HTTP_REFERER': 'https://bl\xc3\xa5.no/login/ka/?next=/start-exam/participant-login/', 
'HTTP_X_REQUESTED_WITH': 'XMLHttpRequest', 

i.e. the referer is sent as utf-8, not as punycode. The exception I get is:

Traceback (most recent call last): 

    File "/srv/cleanup-project/venv/dev/lib/python2.7/site-packages/django/core/handlers/base.py", line 153, in get_response 
    response = callback(request, **param_dict) 

    File "/srv/cleanup-project/venv/dev/lib/python2.7/site-packages/django/utils/decorators.py", line 87, in _wrapped_view 
    result = middleware.process_view(request, view_func, args, kwargs) 

    File "/srv/cleanup-project/venv/dev/lib/python2.7/site-packages/django/middleware/csrf.py", line 157, in process_view 
    reason = REASON_BAD_REFERER % (referer, good_referer) 

UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 10: ordinal not in range(128) 

The relevant code in csrf.py is:

    good_referer = 'https://%s/' % request.get_host()
    if not same_origin(referer, good_referer):
        reason = REASON_BAD_REFERER % (referer, good_referer)

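get_host() uses the SERVER_NAME from the request.

Is there a native Django way to handle this, or do I need to write a middleware that converts the domain part of the referer header from utf-8 to punycode?

Answer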

0

Here is a middleware solution..

import urlparse


class PunyCodeU8RefererFixerMiddleware(object):
    def process_request(self, request):
        # Only act when the site itself is served under a punycode name.
        servername = request.META['SERVER_NAME']
        if 'xn--' not in servername:
            return None

        referer = request.META.get("HTTP_REFERER")
        if not referer:
            return None

        url = urlparse.urlparse(referer)
        try:
            # Python 2: the header is a byte string, decode it as UTF-8.
            netloc = url.netloc.decode('u8')
        except UnicodeDecodeError:
            return None

        def isascii(txt):
            return all(ord(ch) < 128 for ch in txt)

        # Convert each non-ASCII label to its punycode form.
        netloc = '.'.join([
            str(p) if isascii(p) else 'xn--' + p.encode('punycode')
            for p in netloc.split('.')
        ])
        url = url._replace(netloc=netloc)
        request.META['HTTP_REFERER'] = urlparse.urlunparse(url)
        return None

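It tries to bail out as early as possible when it detects that it can't do anything useful. It must of course be installed before the csrf middleware.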
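An added example, not part of the original answer: the same Referer normalization written for Python 3, followed by a strict scheme/host/port comparison so that only the encoding of the host changes and the check itself is not relaxed. It goes slightly beyond the answer by preserving an explicit port and refusing headers that are not valid UTF-8; the function names and sample values are assumptions made for this sketch.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {'http': 80, 'https': 443}


def normalize_referer(raw_referer):
    """Return the Referer (bytes as received) with its host in punycode.

    Returns None when the header cannot be normalized, so the caller can
    leave it untouched and let the CSRF check reject it as usual.
    """
    try:
        parts = urlsplit(raw_referer.decode('utf-8'))
        if not parts.hostname:
            return None
        # The 'idna' codec encodes each non-ASCII label and adds 'xn--'.
        netloc = parts.hostname.encode('idna').decode('ascii')
        if parts.port is not None:
            netloc += ':%d' % parts.port  # keep an explicit port
    except ValueError:  # covers UnicodeError and malformed ports
        return None
    # Any userinfo in the original netloc is dropped on purpose.
    return urlunsplit(parts._replace(netloc=netloc))


def _origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname,
            parts.port or DEFAULT_PORTS.get(parts.scheme))


def referer_is_same_origin(raw_referer, host, scheme='https'):
    """Strict scheme/host/port comparison after normalization."""
    normalized = normalize_referer(raw_referer)
    if normalized is None:
        return False
    return _origin(normalized) == _origin('%s://%s/' % (scheme, host))


# Constructed samples; the first is the Referer from the request dump above.
SAMPLES = [
    b'https://bl\xc3\xa5.no/login/ka/?next=/start-exam/participant-login/',
    b'https://bl\xc3\xa5.no:8443/login/',   # same name, different port
    b'https://bla.no/login/',                # ASCII lookalike host
    b'https://bl\xe5.no/login/',             # Latin-1 bytes, not valid UTF-8
]

if __name__ == '__main__':
    for raw in SAMPLES:
        print(raw, normalize_referer(raw),
              referer_is_same_origin(raw, 'xn--bl-zia.no'))
```

Only the first sample passes the comparison against `xn--bl-zia.no`; the other three are rejected.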