diff options
| author | Flávio Juvenal <flaviojuvenal@gmail.com> | 2017-05-24 16:36:45 -0700 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2017-06-22 11:50:00 -0400 |
| commit | 0af14b2eaa0bf0821a8aacc8486489a1eb348397 (patch) | |
| tree | 36aeed00ae415f909278cea45e3d242990e39599 /tests | |
| parent | e1cd5a76d739210ae3b45d2c5f1ac7a556d6fa53 (diff) | |
Refs #16870 -- Doc'd that CSRF protection requires the Referer header.
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/view_tests/tests/test_csrf.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/view_tests/tests/test_csrf.py b/tests/view_tests/tests/test_csrf.py index 8a3f86c376..4c20cb897d 100644 --- a/tests/view_tests/tests/test_csrf.py +++ b/tests/view_tests/tests/test_csrf.py @@ -55,6 +55,13 @@ class CsrfViewTests(SimpleTestCase): 'HTTPS connections, or for 'same-origin' requests.', status_code=403, ) + self.assertContains( + response, + 'If you are using the <meta name="referrer" ' + 'content="no-referrer"> tag or including the ' + ''Referrer-Policy: no-referrer' header, please remove them.', + status_code=403, + ) def test_no_cookies(self): """ |
