diff --git a/django/http/request.py b/django/http/request.py
index 79fc8350fde..c7922e59e91 100644
--- a/django/http/request.py
+++ b/django/http/request.py
@@ -180,17 +180,6 @@ class HttpRequest:
raise
return value
- def get_raw_uri(self):
- """
- Return an absolute URI from variables available in this request. Skip
- allowed hosts protection, so may return insecure URI.
- """
- return '{scheme}://{host}{path}'.format(
- scheme=self.scheme,
- host=self._get_raw_host(),
- path=self.get_full_path(),
- )
-
def build_absolute_uri(self, location=None):
"""
Build an absolute URI from the location and the variables available in
diff --git a/django/views/debug.py b/django/views/debug.py
index 67bb5de20b3..16c9ad7fc87 100644
--- a/django/views/debug.py
+++ b/django/views/debug.py
@@ -274,6 +274,17 @@ class ExceptionReporter:
self.template_does_not_exist = False
self.postmortem = None
+ def _get_raw_insecure_uri(self):
+ """
+ Return an absolute URI from variables available in this request. Skip
+ allowed hosts protection, so may return insecure URI.
+ """
+ return '{scheme}://{host}{path}'.format(
+ scheme=self.request.scheme,
+ host=self.request._get_raw_host(),
+ path=self.request.get_full_path(),
+ )
+
def get_traceback_data(self):
"""Return a dictionary containing traceback information."""
if self.exc_type and issubclass(self.exc_type, TemplateDoesNotExist):
@@ -337,6 +348,8 @@ class ExceptionReporter:
c['request_GET_items'] = self.request.GET.items()
c['request_FILES_items'] = self.request.FILES.items()
c['request_COOKIES_items'] = self.request.COOKIES.items()
+ c['request_insecure_uri'] = self._get_raw_insecure_uri()
+
# Check whether exception info is available
if self.exc_type:
c['exception_type'] = self.exc_type.__name__
diff --git a/django/views/templates/technical_500.html b/django/views/templates/technical_500.html
index b5ea1a78a7d..7683896c568 100644
--- a/django/views/templates/technical_500.html
+++ b/django/views/templates/technical_500.html
@@ -108,7 +108,7 @@
Request URL: |
- {{ request.get_raw_uri }} |
+ {{ request_insecure_uri }} |
{% endif %}
@@ -289,7 +289,7 @@ Environment:
{% if request %}
Request Method: {{ request.META.REQUEST_METHOD }}
-Request URL: {{ request.get_raw_uri }}
+Request URL: {{ request_insecure_uri }}
{% endif %}
Django Version: {{ django_version_info }}
Python Version: {{ sys_version_info }}
diff --git a/django/views/templates/technical_500.txt b/django/views/templates/technical_500.txt
index 551413aab79..5c86a3139fd 100644
--- a/django/views/templates/technical_500.txt
+++ b/django/views/templates/technical_500.txt
@@ -2,7 +2,7 @@
{% firstof exception_value 'No exception message supplied' %}
{% if request %}
Request Method: {{ request.META.REQUEST_METHOD }}
-Request URL: {{ request.get_raw_uri }}{% endif %}
+Request URL: {{ request_insecure_uri }}{% endif %}
Django Version: {{ django_version_info }}
Python Executable: {{ sys_executable }}
Python Version: {{ sys_version_info }}
diff --git a/docs/releases/4.0.txt b/docs/releases/4.0.txt
index e7eab6fa43b..3f65e68c844 100644
--- a/docs/releases/4.0.txt
+++ b/docs/releases/4.0.txt
@@ -399,6 +399,9 @@ Miscellaneous
* The undocumented ``django.contrib.admin.utils.lookup_needs_distinct()``
function is renamed to ``lookup_spawns_duplicates()``.
+* The undocumented ``HttpRequest.get_raw_uri()`` method is removed. The
+ :meth:`.HttpRequest.build_absolute_uri` method may be a suitable alternative.
+
.. _deprecated-features-4.0:
Features deprecated in 4.0
diff --git a/tests/requests/tests.py b/tests/requests/tests.py
index c57d5caae2d..3d8bb45b00b 100644
--- a/tests/requests/tests.py
+++ b/tests/requests/tests.py
@@ -558,18 +558,6 @@ class RequestsTests(SimpleTestCase):
with self.assertRaises(UnreadablePostError):
request.FILES
- @override_settings(ALLOWED_HOSTS=['example.com'])
- def test_get_raw_uri(self):
- factory = RequestFactory(HTTP_HOST='evil.com')
- request = factory.get('////absolute-uri')
- self.assertEqual(request.get_raw_uri(), 'http://evil.com//absolute-uri')
-
- request = factory.get('/?foo=bar')
- self.assertEqual(request.get_raw_uri(), 'http://evil.com/?foo=bar')
-
- request = factory.get('/path/with:colons')
- self.assertEqual(request.get_raw_uri(), 'http://evil.com/path/with:colons')
-
class HostValidationTests(SimpleTestCase):
poisoned_hosts = [
diff --git a/tests/view_tests/tests/test_debug.py b/tests/view_tests/tests/test_debug.py
index 9c85ed20fcc..c8cc4aeb1e3 100644
--- a/tests/view_tests/tests/test_debug.py
+++ b/tests/view_tests/tests/test_debug.py
@@ -942,6 +942,20 @@ class ExceptionReporterTests(SimpleTestCase):
reporter.get_traceback_text()
m.assert_called_once_with(encoding='utf-8')
+ @override_settings(ALLOWED_HOSTS=['example.com'])
+ def test_get_raw_insecure_uri(self):
+ factory = RequestFactory(HTTP_HOST='evil.com')
+ tests = [
+ ('////absolute-uri', 'http://evil.com//absolute-uri'),
+ ('/?foo=bar', 'http://evil.com/?foo=bar'),
+ ('/path/with:colons', 'http://evil.com/path/with:colons'),
+ ]
+ for url, expected in tests:
+ with self.subTest(url=url):
+ request = factory.get(url)
+ reporter = ExceptionReporter(request, None, None, None)
+ self.assertEqual(reporter._get_raw_insecure_uri(), expected)
+
class PlainTextReportTests(SimpleTestCase):
rf = RequestFactory()