summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2010-06-08 14:35:48 +0000
committerLuke Plant <L.Plant.98@cantab.net>2010-06-08 14:35:48 +0000
commitac8b7ff02133f3d9112574e3660fd5ad042bc751 (patch)
treee7fbac7c580781061f3fa6c06ac16f43ec292b72 /tests
parent21a690fcfeeb3fecef3baa50ac9a9f0c14260a7e (diff)
Fixed #13716 - the CSRF get_token function stopped working for views with csrf_view_exempt
This was a regression caused by the the CSRF changes in 1.2. Thanks to edevil for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@13336 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests')
-rw-r--r--tests/regressiontests/csrf_tests/tests.py28
1 files changed, 27 insertions, 1 deletions
diff --git a/tests/regressiontests/csrf_tests/tests.py b/tests/regressiontests/csrf_tests/tests.py
index 0a24522d9c..f383978266 100644
--- a/tests/regressiontests/csrf_tests/tests.py
+++ b/tests/regressiontests/csrf_tests/tests.py
@@ -3,7 +3,7 @@
from django.test import TestCase
from django.http import HttpRequest, HttpResponse
from django.middleware.csrf import CsrfMiddleware, CsrfViewMiddleware
-from django.views.decorators.csrf import csrf_exempt
+from django.views.decorators.csrf import csrf_exempt, csrf_view_exempt
from django.core.context_processors import csrf
from django.contrib.sessions.middleware import SessionMiddleware
from django.utils.importlib import import_module
@@ -123,6 +123,23 @@ class CsrfMiddlewareTest(TestCase):
# Check the Vary header got patched correctly
self.assert_('Cookie' in resp2.get('Vary',''))
+ def test_process_response_for_exempt_view(self):
+ """
+ Check that a view decorated with 'csrf_view_exempt' is still
+ post-processed to add the CSRF token.
+ """
+ req = self._get_GET_no_csrf_cookie_request()
+ CsrfMiddleware().process_view(req, csrf_view_exempt(post_form_view), (), {})
+
+ resp = post_form_response()
+ resp_content = resp.content # needed because process_response modifies resp
+ resp2 = CsrfMiddleware().process_response(req, resp)
+
+ csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, False)
+ self.assertNotEqual(csrf_cookie, False)
+ self.assertNotEqual(resp_content, resp2.content)
+ self._check_token_present(resp2, csrf_cookie.value)
+
def test_process_response_no_csrf_cookie_view_only_get_token_used(self):
"""
When no prior CSRF cookie exists, check that the cookie is created, even
@@ -279,6 +296,15 @@ class CsrfMiddlewareTest(TestCase):
resp = token_view(req)
self._check_token_present(resp)
+ def test_get_token_for_exempt_view(self):
+ """
+ Check that get_token still works for a view decorated with 'csrf_view_exempt'.
+ """
+ req = self._get_GET_csrf_cookie_request()
+ CsrfViewMiddleware().process_view(req, csrf_view_exempt(token_view), (), {})
+ resp = token_view(req)
+ self._check_token_present(resp)
+
def test_token_node_with_new_csrf_cookie(self):
"""
Check that CsrfTokenNode works when a CSRF cookie is created by