github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Move open redirect fix to asgi_send_redirect, refs #2429

Browse source 
See https://github.com/simonw/datasette/pull/2500#issuecomment-3488632278
This commit is contained in:
Simon Willison 2025-11-04 17:08:06 -08:00
commit 0403a04da6
3 changed files with 7 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

5
tests/test_custom_pages.py
View file

@ -100,6 +100,7 @@ def test_custom_route_pattern_404(custom_pages_client):
def test_custom_route_pattern_with_slash_slash_302(custom_pages_client):
response = custom_pages_client.get("//nastyOpenRedirect/")
# https://github.com/simonw/datasette/issues/2429
response = custom_pages_client.get("//example.com/")
assert response.status == 302
assert response.headers["location"] == "/nastyOpenRedirect"
assert response.headers["location"] == "/example.com"