diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2010-06-08 14:35:48 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2010-06-08 14:35:48 +0000 |
| commit | ac8b7ff02133f3d9112574e3660fd5ad042bc751 (patch) | |
| tree | e7fbac7c580781061f3fa6c06ac16f43ec292b72 /tests | |
| parent | 21a690fcfeeb3fecef3baa50ac9a9f0c14260a7e (diff) | |
Fixed #13716 - the CSRF get_token function stopped working for views with csrf_view_exempt
This was a regression caused by the the CSRF changes in 1.2.
Thanks to edevil for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@13336 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/regressiontests/csrf_tests/tests.py | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/tests/regressiontests/csrf_tests/tests.py b/tests/regressiontests/csrf_tests/tests.py index 0a24522d9c..f383978266 100644 --- a/tests/regressiontests/csrf_tests/tests.py +++ b/tests/regressiontests/csrf_tests/tests.py @@ -3,7 +3,7 @@ from django.test import TestCase from django.http import HttpRequest, HttpResponse from django.middleware.csrf import CsrfMiddleware, CsrfViewMiddleware -from django.views.decorators.csrf import csrf_exempt +from django.views.decorators.csrf import csrf_exempt, csrf_view_exempt from django.core.context_processors import csrf from django.contrib.sessions.middleware import SessionMiddleware from django.utils.importlib import import_module @@ -123,6 +123,23 @@ class CsrfMiddlewareTest(TestCase): # Check the Vary header got patched correctly self.assert_('Cookie' in resp2.get('Vary','')) + def test_process_response_for_exempt_view(self): + """ + Check that a view decorated with 'csrf_view_exempt' is still + post-processed to add the CSRF token. + """ + req = self._get_GET_no_csrf_cookie_request() + CsrfMiddleware().process_view(req, csrf_view_exempt(post_form_view), (), {}) + + resp = post_form_response() + resp_content = resp.content # needed because process_response modifies resp + resp2 = CsrfMiddleware().process_response(req, resp) + + csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, False) + self.assertNotEqual(csrf_cookie, False) + self.assertNotEqual(resp_content, resp2.content) + self._check_token_present(resp2, csrf_cookie.value) + def test_process_response_no_csrf_cookie_view_only_get_token_used(self): """ When no prior CSRF cookie exists, check that the cookie is created, even @@ -279,6 +296,15 @@ class CsrfMiddlewareTest(TestCase): resp = token_view(req) self._check_token_present(resp) + def test_get_token_for_exempt_view(self): + """ + Check that get_token still works for a view decorated with 'csrf_view_exempt'. + """ + req = self._get_GET_csrf_cookie_request() + CsrfViewMiddleware().process_view(req, csrf_view_exempt(token_view), (), {}) + resp = token_view(req) + self._check_token_present(resp) + def test_token_node_with_new_csrf_cookie(self): """ Check that CsrfTokenNode works when a CSRF cookie is created by |
