Opened 15 years ago
Closed 15 years ago
#11692 closed (wontfix)
CSRF middleware causing contrib.auth password change tests to fail
| Reported by: | jdriscoll | Owned by: | nobody |
|---|---|---|---|
| Component: | Uncategorized | Version: | dev |
| Severity: | Keywords: | ||
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
When using the CSRF middleware, these three tests from django.contrib.auth.tests.views are failing with a 403 status (Response: "Cross Site Request Forgery detected. Request aborted."):
- test_password_change_fails_with_invalid_old_password
- test_password_change_fails_with_mismatched_passwords
- test_password_change_succeeds
These tests pass when the CSRF middleware is disabled.
Currently running r11430.
Note:
See TracTickets
for help on using tickets.
You have to run the tests with the middleware disabled. None of the tests use proper browser emulation (i.e. posting hidden fields that are in the forms), and so will fail to get through the CSRF checks which rely on a hidden field.