Also catch InvalidURL in ajax-proxy

fix #1119
This commit is contained in:
Yohan Boniface 2023-06-02 22:45:13 +02:00
parent 39a887a6f6
commit 1b791347d8
2 changed files with 14 additions and 0 deletions

View file

@ -112,6 +112,17 @@ def test_valid_proxy_request_with_invalid_ttl(client):
assert "X-Accel-Expires" not in response assert "X-Accel-Expires" not in response
def test_invalid_proxy_url_should_return_400(client):
url = reverse("ajax-proxy")
params = {"url": "http://example.org/a space is invalid"}
headers = {
"HTTP_X_REQUESTED_WITH": "XMLHttpRequest",
"HTTP_REFERER": settings.SITE_URL,
}
response = client.get(url, params, **headers)
assert response.status_code == 400
@pytest.mark.django_db @pytest.mark.django_db
def test_login_does_not_contain_form_if_not_enabled(client, settings): def test_login_does_not_contain_form_if_not_enabled(client, settings):
settings.ENABLE_ACCOUNT_LOGIN = False settings.ENABLE_ACCOUNT_LOGIN = False

View file

@ -4,6 +4,7 @@ import os
import re import re
import socket import socket
from datetime import date, timedelta from datetime import date, timedelta
from http.client import InvalidURL
from pathlib import Path from pathlib import Path
from urllib.error import URLError from urllib.error import URLError
@ -306,6 +307,8 @@ class AjaxProxy(View):
return HttpResponse(e.msg, status=e.code, content_type="text/plain") return HttpResponse(e.msg, status=e.code, content_type="text/plain")
except URLError: except URLError:
return HttpResponseBadRequest("URL error") return HttpResponseBadRequest("URL error")
except InvalidURL:
return HttpResponseBadRequest("Invalid URL")
else: else:
status_code = proxied_request.code status_code = proxied_request.code
mimetype = proxied_request.headers.get( mimetype = proxied_request.headers.get(