summaryrefslogtreecommitdiff
path: root/tests
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2011-05-09 21:35:24 +0000
committerLuke Plant <L.Plant.98@cantab.net>2011-05-09 21:35:24 +0000
commitb6c5f8060d45a7cffe42928a4b67b6a4e2ba9264 (patch)
treeeb36dfe6f3796f86abd3335a52cbcc0e1ca75f7b /tests
parente9342e9b3200bb55d92e67a3b9be7392a3e54b56 (diff)
Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests
Thanks to sayane for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests')
-rw-r--r--tests/regressiontests/csrf_tests/tests.py34
1 files changed, 33 insertions, 1 deletions
diff --git a/tests/regressiontests/csrf_tests/tests.py b/tests/regressiontests/csrf_tests/tests.py
index a98a6a4282..1285c1ddac 100644
--- a/tests/regressiontests/csrf_tests/tests.py
+++ b/tests/regressiontests/csrf_tests/tests.py
@@ -4,7 +4,7 @@ import warnings
from django.test import TestCase
from django.http import HttpRequest, HttpResponse
from django.middleware.csrf import CsrfViewMiddleware
-from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
+from django.views.decorators.csrf import csrf_exempt, requires_csrf_token, ensure_csrf_cookie
from django.core.context_processors import csrf
from django.conf import settings
from django.template import RequestContext, Template
@@ -249,3 +249,35 @@ class CsrfViewMiddlewareTest(TestCase):
req.META['HTTP_REFERER'] = 'https://www.example.com'
req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
self.assertEqual(None, req2)
+
+ def test_ensures_csrf_cookie_no_middleware(self):
+ """
+ Tests that ensures_csrf_cookie decorator fulfils its promise
+ with no middleware
+ """
+ @ensure_csrf_cookie
+ def view(request):
+ # Doesn't insert a token or anything
+ return HttpResponse(content="")
+
+ req = self._get_GET_no_csrf_cookie_request()
+ resp = view(req)
+ self.assertTrue(resp.cookies.get(settings.CSRF_COOKIE_NAME, False))
+ self.assertTrue('Cookie' in resp.get('Vary',''))
+
+ def test_ensures_csrf_cookie_with_middleware(self):
+ """
+ Tests that ensures_csrf_cookie decorator fulfils its promise
+ with the middleware enabled.
+ """
+ @ensure_csrf_cookie
+ def view(request):
+ # Doesn't insert a token or anything
+ return HttpResponse(content="")
+
+ req = self._get_GET_no_csrf_cookie_request()
+ CsrfViewMiddleware().process_view(req, view, (), {})
+ resp = view(req)
+ resp2 = CsrfViewMiddleware().process_response(req, resp)
+ self.assertTrue(resp2.cookies.get(settings.CSRF_COOKIE_NAME, False))
+ self.assertTrue('Cookie' in resp2.get('Vary',''))