summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorAlex Gaynor <alex.gaynor@gmail.com>2011-02-09 02:06:27 +0000
committerAlex Gaynor <alex.gaynor@gmail.com>2011-02-09 02:06:27 +0000
commit208630aa4b6460cb31cd81be2cc83d4075f1f27b (patch)
tree7a2111d9cb7415678d3cb68474119a0401ad37fd /tests
parentc2666c9a455852ef1ae8fec986d6c0fdfc2b779f (diff)
Fixed a security issue in the CSRF component. Disclosure and new release forthcoming.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15464 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests')
-rw-r--r--tests/regressiontests/csrf_tests/tests.py6
1 files changed, 3 insertions, 3 deletions
diff --git a/tests/regressiontests/csrf_tests/tests.py b/tests/regressiontests/csrf_tests/tests.py
index ea18d7d010..7e14d0a565 100644
--- a/tests/regressiontests/csrf_tests/tests.py
+++ b/tests/regressiontests/csrf_tests/tests.py
@@ -284,12 +284,12 @@ class CsrfMiddlewareTest(TestCase):
req2 = CsrfMiddleware().process_view(req, csrf_exempt(post_form_view), (), {})
self.assertEquals(None, req2)
- def test_ajax_exemption(self):
+ def test_csrf_token_in_header(self):
"""
- Check that AJAX requests are automatically exempted.
+ Check that we can pass in the token in a header instead of in the form
"""
req = self._get_POST_csrf_cookie_request()
- req.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
+ req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id
req2 = CsrfMiddleware().process_view(req, post_form_view, (), {})
self.assertEquals(None, req2)