TestClient skips Csrf Middleware
|Reported by:||Owned by:||nobody|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
The following code is found in TestClient
try: request = WSGIRequest(environ) # sneaky little hack so that we can easily get round # CsrfViewMiddleware. This makes life easier, and is probably # required for backwards compatibility with external tests against # admin views. request._dont_enforce_csrf_checks = True response = self.get_response(request)
While this is nice, it makes the test behave in a way that does not really verify the site works.
Some of my views are run when accessed from a desktop program, and the desktop program does not send a CSRF token, resulting in a 403 Forbidden error, but does not happen when a test is run because of the above code.
Can we get an option to turn this off?
Change History (4)
comment:2 Changed 6 years ago by
|Status:||closed → reopened|
|Triage Stage:||Unreviewed → Accepted|