From eef95ea96faef0b7dbbe0c8092202b74f68a899b Mon Sep 17 00:00:00 2001 From: Jay Cox Date: Thu, 23 Apr 2015 23:24:38 -0700 Subject: Fixed #24696 -- Made CSRF_COOKIE computation lazy. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Only compute the CSRF_COOKIE when it is actually used. This is a significant speedup for clients not using cookies. Changed result of the “test_token_node_no_csrf_cookie” test: It gets a valid CSRF token now which seems like the correct behavior. Changed auth_tests.test_views.LoginTest.test_login_csrf_rotate to use get_token() to trigger CSRF cookie inclusion instead of changing request.META["CSRF_COOKIE_USED"] directly. --- tests/auth_tests/test_views.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'tests/auth_tests') diff --git a/tests/auth_tests/test_views.py b/tests/auth_tests/test_views.py index 5ebe9f2938..033d083e18 100644 --- a/tests/auth_tests/test_views.py +++ b/tests/auth_tests/test_views.py @@ -23,7 +23,7 @@ from django.core import mail from django.core.urlresolvers import NoReverseMatch, reverse, reverse_lazy from django.db import connection from django.http import HttpRequest, QueryDict -from django.middleware.csrf import CsrfViewMiddleware +from django.middleware.csrf import CsrfViewMiddleware, get_token from django.test import ( TestCase, ignore_warnings, modify_settings, override_settings, ) @@ -606,7 +606,8 @@ class LoginTest(AuthViewsTestCase): # TestClient isn't used here as we're testing middleware, essentially. req = HttpRequest() CsrfViewMiddleware().process_view(req, login_view, (), {}) - req.META["CSRF_COOKIE_USED"] = True + # get_token() triggers CSRF token inclusion in the response + get_token(req) resp = login_view(req) resp2 = CsrfViewMiddleware().process_response(req, resp) csrf_cookie = resp2.cookies.get(settings.CSRF_COOKIE_NAME, None) -- cgit v1.3