TestClient skips Csrf Middleware
|Reported by:||jon@…||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The following code is found in TestClient
try: request = WSGIRequest(environ) # sneaky little hack so that we can easily get round # CsrfViewMiddleware. This makes life easier, and is probably # required for backwards compatibility with external tests against # admin views. request._dont_enforce_csrf_checks = True response = self.get_response(request)
While this is nice, it makes the test behave in a way that does not really verify the site works.
Some of my views are run when accessed from a desktop program, and the desktop program does not send a CSRF token, resulting in a 403 Forbidden error, but does not happen when a test is run because of the above code.
Can we get an option to turn this off?
Change History (4)
comment:1 Changed 6 years ago by lukeplant
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Resolution set to wontfix
- Status changed from new to closed
comment:2 Changed 6 years ago by russellm
- Resolution wontfix deleted
- Status changed from closed to reopened
- Triage Stage changed from Unreviewed to Accepted
comment:3 Changed 6 years ago by russellm
- Resolution set to fixed
- Status changed from reopened to closed