-rwxr-xr-x.gitignore1
-rw-r--r--askbot/doc/source/changelog.rst1
-rw-r--r--askbot/startup_procedures.py29
3 files changed, 31 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
index d6a06e66..b4e6ec96 100755
--- a/.gitignore
+++ b/.gitignore
@@ -14,6 +14,7 @@ settings.py
*.iml
lint
env
+/static
django
django/*
nbproject
diff --git a/askbot/doc/source/changelog.rst b/askbot/doc/source/changelog.rst
index 33a6dbb2..c26ce8c2 100644
--- a/askbot/doc/source/changelog.rst
+++ b/askbot/doc/source/changelog.rst
@@ -4,6 +4,7 @@ Changes in Askbot
Development version (not released yet)
--------------------------------------
* Made email recovery link work when askbot is deployed on subdirectory (Evgeny)
+* Added tests for the CSRF_COOKIE_DOMAIN setting in the startup_procedures (Evgeny)
0.7.39 (Jan 11, 2012)
---------------------
diff --git a/askbot/startup_procedures.py b/askbot/startup_procedures.py
index 05426898..8d3f4a75 100644
--- a/askbot/startup_procedures.py
+++ b/askbot/startup_procedures.py
@@ -9,6 +9,7 @@ the main function is run_startup_tests
"""
import sys
import os
+import re
from django.db import transaction
from django.conf import settings as django_settings
from django.core.exceptions import ImproperlyConfigured
@@ -272,6 +273,33 @@ class SettingsTester(object):
'\n\n* '.join(self.messages)
)
+def test_csrf_cookie_domain():
+ """makes sure that csrf cookie domain setting is acceptable"""
+ #todo: maybe use the same steps to clean domain name
+ csrf_cookie_domain = django_settings.CSRF_COOKIE_DOMAIN
+ if csrf_cookie_domain == 'localhost':
+ raise ImproperlyConfigured(
+ PREAMBLE +
+ '\n\nPlease do not use value "localhost" for the setting '
+ 'CSRF_COOKIE_DOMAIN\n'
+ 'instead use 127.0.0.1, a real IP '
+ 'address or domain name.'
+ '\nThe value must match the network location you type in the '
+ 'web browser to reach your site.'
+ )
+ if re.match(r'https?://', csrf_cookie_domain):
+ raise ImproperlyConfigured(
+ PREAMBLE +
+ '\n\nplease remove http(s):// prefix in the CSRF_COOKIE_DOMAIN '
+ 'setting'
+ )
+ if ':' in csrf_cookie_domain:
+ raise ImproperlyConfigured(
+ PREAMBLE +
+ '\n\nPlease do not use port number in the CSRF_COOKIE_DOMAIN '
+ 'setting'
+ )
+
def run_startup_tests():
"""function that runs
all startup tests, mainly checking settings config so far
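Review bot: test_csrf_cookie_domain() assumes CSRF_COOKIE_DOMAIN is a string, but Django's default for this setting is None. With that default the 'localhost' comparison falls through and `re.match(r'https?://', csrf_cookie_domain)` raises TypeError, so a deployment that never set the value gets a traceback at startup instead of the ImproperlyConfigured guidance. A guard at the top of the function would fix this, e.g. `if csrf_cookie_domain is None: return`, or raise ImproperlyConfigured with PREAMBLE if the project wants the setting to be mandatory. The 'localhost' comparison is also case-sensitive, so a value such as `Localhost` is not caught; comparing `csrf_cookie_domain.lower()` would cover it. These checks validate only the format of the value, not how broadly the cookie is scoped (a parent domain shares the CSRF cookie with every sibling subdomain), which the docstring could state.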
@@ -285,6 +313,7 @@ def run_startup_tests():
#test_postgres()
test_middleware()
test_celery()
+ test_csrf_cookie_domain()
settings_tester = SettingsTester({
'CACHE_MIDDLEWARE_ANONYMOUS_ONLY': {
'value': True,