summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorFlávio Juvenal <flaviojuvenal@gmail.com>2017-05-24 16:36:45 -0700
committerTim Graham <timograham@gmail.com>2017-06-22 11:50:00 -0400
commit0af14b2eaa0bf0821a8aacc8486489a1eb348397 (patch)
tree36aeed00ae415f909278cea45e3d242990e39599 /tests
parente1cd5a76d739210ae3b45d2c5f1ac7a556d6fa53 (diff)
Refs #16870 -- Doc'd that CSRF protection requires the Referer header.
Diffstat (limited to 'tests')
-rw-r--r--tests/view_tests/tests/test_csrf.py7
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/view_tests/tests/test_csrf.py b/tests/view_tests/tests/test_csrf.py
index 8a3f86c376..4c20cb897d 100644
--- a/tests/view_tests/tests/test_csrf.py
+++ b/tests/view_tests/tests/test_csrf.py
@@ -55,6 +55,13 @@ class CsrfViewTests(SimpleTestCase):
'HTTPS connections, or for &#39;same-origin&#39; requests.',
status_code=403,
)
+ self.assertContains(
+ response,
+ 'If you are using the &lt;meta name=&quot;referrer&quot; '
+ 'content=&quot;no-referrer&quot;&gt; tag or including the '
+ '&#39;Referrer-Policy: no-referrer&#39; header, please remove them.',
+ status_code=403,
+ )
def test_no_cookies(self):
"""