diff options
| author | Alex Gaynor <alex.gaynor@gmail.com> | 2011-02-09 02:06:27 +0000 |
|---|---|---|
| committer | Alex Gaynor <alex.gaynor@gmail.com> | 2011-02-09 02:06:27 +0000 |
| commit | 208630aa4b6460cb31cd81be2cc83d4075f1f27b (patch) | |
| tree | 7a2111d9cb7415678d3cb68474119a0401ad37fd /tests | |
| parent | c2666c9a455852ef1ae8fec986d6c0fdfc2b779f (diff) | |
Fixed a security issue in the CSRF component. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15464 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/regressiontests/csrf_tests/tests.py | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/tests/regressiontests/csrf_tests/tests.py b/tests/regressiontests/csrf_tests/tests.py index ea18d7d010..7e14d0a565 100644 --- a/tests/regressiontests/csrf_tests/tests.py +++ b/tests/regressiontests/csrf_tests/tests.py @@ -284,12 +284,12 @@ class CsrfMiddlewareTest(TestCase): req2 = CsrfMiddleware().process_view(req, csrf_exempt(post_form_view), (), {}) self.assertEquals(None, req2) - def test_ajax_exemption(self): + def test_csrf_token_in_header(self): """ - Check that AJAX requests are automatically exempted. + Check that we can pass in the token in a header instead of in the form """ req = self._get_POST_csrf_cookie_request() - req.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest' + req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id req2 = CsrfMiddleware().process_view(req, post_form_view, (), {}) self.assertEquals(None, req2) |
