def test_send_without_token_header(self):
"""Test support for legacy browsers that cannot support AJAX uploads.
This shows three things:
- users can authenticate by submitting the token in the form data.
- users can use a POST fallback.
- csrf is not required (the token is equivalent).
"""
client = Client(enforce_csrf_checks=True)
user = UserFactory.create()
token = AuthTokenFactory(user=user)
data = {'avatar': SIMPLE_PNG, 'token': token.key}
url = reverse('user_management_api:profile_avatar')
response = client.post(url, data=data)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertIn('avatar', response.data)
