From 668d53cd125175eb708cc0af143f47b42cd42153 Mon Sep 17 00:00:00 2001 From: Grzegorz Slusarek Date: Sat, 21 Feb 2015 22:57:02 +0100 Subject: Fixed #21495 -- Added settings.CSRF_HEADER_NAME --- tests/csrf_tests/tests.py | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'tests') diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py index 21caacc1d9..7469da34b2 100644 --- a/tests/csrf_tests/tests.py +++ b/tests/csrf_tests/tests.py @@ -189,6 +189,16 @@ class CsrfViewMiddlewareTest(TestCase): req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {}) self.assertIsNone(req2) + @override_settings(CSRF_HEADER_NAME='HTTP_X_CSRFTOKEN_CUSTOMIZED') + def test_csrf_token_in_header_with_customized_name(self): + """ + settings.CSRF_HEADER_NAME can be used to customize the CSRF header name + """ + req = self._get_POST_csrf_cookie_request() + req.META['HTTP_X_CSRFTOKEN_CUSTOMIZED'] = self._csrf_id + req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {}) + self.assertIsNone(req2) + def test_put_and_delete_rejected(self): """ Tests that HTTP PUT and DELETE methods have protection -- cgit v1.3