4 years ago · 9e456f3166
--- a/django/utils/http.py
+++ b/django/utils/http.py
@@ -3,7 +3,6 @@ import calendar
 
				 import datetime
			
 
				 import re
			
 
				 import unicodedata
			
 
				-import warnings
			
 
				 from binascii import Error as BinasciiError
			
 
				 from email.utils import formatdate
			
 
				 from urllib.parse import (
			
@@ -12,7 +11,6 @@ from urllib.parse import (
 
				 )
			
 
				 
			
 
				 from django.utils.datastructures import MultiValueDict
			
 
				-from django.utils.deprecation import RemovedInDjango40Warning
			
 
				 from django.utils.regex_helper import _lazy_re_compile
			
 
				 
			
 
				 # based on RFC 7232, Appendix C
			
@@ -267,15 +265,6 @@ def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
 
				     )
			
 
				 
			
 
				 
			
 
				-def is_safe_url(url, allowed_hosts, require_https=False):
			
 
				-    warnings.warn(
			
 
				-        'django.utils.http.is_safe_url() is deprecated in favor of '
			
 
				-        'url_has_allowed_host_and_scheme().',
			
 
				-        RemovedInDjango40Warning, stacklevel=2,
			
 
				-    )
			
 
				-    return url_has_allowed_host_and_scheme(url, allowed_hosts, require_https)
			
 
				-
			
 
				-
			
 
				 # Copied from urllib.parse.urlparse() but uses fixed urlsplit() function.
			
 
				 def _urlparse(url, scheme='', allow_fragments=True):
			
 
				     """Parse a URL into 6 components:
			
--- a/docs/releases/4.0.txt
+++ b/docs/releases/4.0.txt
@@ -262,6 +262,8 @@ to remove usage of these features.
 
				 
			
 
				 * ``django.utils.text.unescape_entities()`` is removed.
			
 
				 
			
 
				+* ``django.utils.http.is_safe_url()`` is removed.
			
 
				+
			
 
				 See :ref:`deprecated-features-3.1` for details on these changes, including how
			
 
				 to remove usage of these features.
			
 
				 
			
--- a/tests/utils_tests/test_http.py
+++ b/tests/utils_tests/test_http.py
@@ -5,12 +5,11 @@ from unittest import mock
 
				 
			
 
				 from django.test import SimpleTestCase
			
 
				 from django.utils.datastructures import MultiValueDict
			
 
				-from django.utils.deprecation import RemovedInDjango40Warning
			
 
				 from django.utils.http import (
			
 
				     base36_to_int, escape_leading_slashes, http_date, int_to_base36,
			
 
				-    is_safe_url, is_same_domain, parse_etags, parse_http_date, parse_qsl,
			
 
				-    quote_etag, url_has_allowed_host_and_scheme, urlencode,
			
 
				-    urlsafe_base64_decode, urlsafe_base64_encode,
			
 
				+    is_same_domain, parse_etags, parse_http_date, parse_qsl, quote_etag,
			
 
				+    url_has_allowed_host_and_scheme, urlencode, urlsafe_base64_decode,
			
 
				+    urlsafe_base64_encode,
			
 
				 )
			
 
				 
			
 
				 
			
@@ -130,7 +129,7 @@ class Base36IntTests(SimpleTestCase):
 
				             self.assertEqual(base36_to_int(b36), n)
			
 
				 
			
 
				 
			
 
				-class IsSafeURLTests(SimpleTestCase):
			
 
				+class URLHasAllowedHostAndSchemeTests(unittest.TestCase):
			
 
				     def test_bad_urls(self):
			
 
				         bad_urls = (
			
 
				             'http://example.com',
			
@@ -234,14 +233,6 @@ class IsSafeURLTests(SimpleTestCase):
 
				                     False,
			
 
				                 )
			
 
				 
			
 
				-    def test_is_safe_url_deprecated(self):
			
 
				-        msg = (
			
 
				-            'django.utils.http.is_safe_url() is deprecated in favor of '
			
 
				-            'url_has_allowed_host_and_scheme().'
			
 
				-        )
			
 
				-        with self.assertWarnsMessage(RemovedInDjango40Warning, msg):
			
 
				-            is_safe_url('https://example.com', allowed_hosts={'example.com'})
			
 
				-
			
 
				 
			
 
				 class URLSafeBase64Tests(unittest.TestCase):
			
 
				     def test_roundtrip(self):