diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2011-05-09 21:35:24 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2011-05-09 21:35:24 +0000 |
| commit | b6c5f8060d45a7cffe42928a4b67b6a4e2ba9264 (patch) | |
| tree | eb36dfe6f3796f86abd3335a52cbcc0e1ca75f7b /tests | |
| parent | e9342e9b3200bb55d92e67a3b9be7392a3e54b56 (diff) | |
Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests
Thanks to sayane for the report.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/regressiontests/csrf_tests/tests.py | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/tests/regressiontests/csrf_tests/tests.py b/tests/regressiontests/csrf_tests/tests.py index a98a6a4282..1285c1ddac 100644 --- a/tests/regressiontests/csrf_tests/tests.py +++ b/tests/regressiontests/csrf_tests/tests.py @@ -4,7 +4,7 @@ import warnings from django.test import TestCase from django.http import HttpRequest, HttpResponse from django.middleware.csrf import CsrfViewMiddleware -from django.views.decorators.csrf import csrf_exempt, requires_csrf_token +from django.views.decorators.csrf import csrf_exempt, requires_csrf_token, ensure_csrf_cookie from django.core.context_processors import csrf from django.conf import settings from django.template import RequestContext, Template @@ -249,3 +249,35 @@ class CsrfViewMiddlewareTest(TestCase): req.META['HTTP_REFERER'] = 'https://www.example.com' req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {}) self.assertEqual(None, req2) + + def test_ensures_csrf_cookie_no_middleware(self): + """ + Tests that ensures_csrf_cookie decorator fulfils its promise + with no middleware + """ + @ensure_csrf_cookie + def view(request): + # Doesn't insert a token or anything + return HttpResponse(content="") + + req = self._get_GET_no_csrf_cookie_request() + resp = view(req) + self.assertTrue(resp.cookies.get(settings.CSRF_COOKIE_NAME, False)) + self.assertTrue('Cookie' in resp.get('Vary','')) + + def test_ensures_csrf_cookie_with_middleware(self): + """ + Tests that ensures_csrf_cookie decorator fulfils its promise + with the middleware enabled. + """ + @ensure_csrf_cookie + def view(request): + # Doesn't insert a token or anything + return HttpResponse(content="") + + req = self._get_GET_no_csrf_cookie_request() + CsrfViewMiddleware().process_view(req, view, (), {}) + resp = view(req) + resp2 = CsrfViewMiddleware().process_response(req, resp) + self.assertTrue(resp2.cookies.get(settings.CSRF_COOKIE_NAME, False)) + self.assertTrue('Cookie' in resp2.get('Vary','')) |
