From 70332e6c431dc5988230dd3d91d3d8108b9aa0f0 Mon Sep 17 00:00:00 2001 From: Chris Jerdonek Date: Wed, 24 Mar 2021 03:52:22 -0700 Subject: [PATCH] Refs #32579 -- Optimized good_hosts creation in CsrfViewMiddleware.process_view(). --- django/middleware/csrf.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/django/middleware/csrf.py b/django/middleware/csrf.py index 2ee97ce8cef..c8114d5de59 100644 --- a/django/middleware/csrf.py +++ b/django/middleware/csrf.py @@ -330,11 +330,10 @@ class CsrfViewMiddleware(MiddlewareMixin): except DisallowedHost: pass - # Create a list of all acceptable HTTP referers, including the - # current host if it's permitted by ALLOWED_HOSTS. - good_hosts = list(self.csrf_trusted_origins_hosts) + # Create an iterable of all acceptable HTTP referers. + good_hosts = self.csrf_trusted_origins_hosts if good_referer is not None: - good_hosts.append(good_referer) + good_hosts = (*good_hosts, good_referer) if not any(is_same_domain(referer.netloc, host) for host in good_hosts): reason = REASON_BAD_REFERER % referer.geturl()