def test_ensures_csrf_cookie_with_middleware(self): """ Tests that ensures_csrf_cookie decorator fulfils its promise with the middleware enabled. """ @ensure_csrf_cookie def view(request): # Doesn't insert a token or anything return HttpResponse(content="") req = self._get_GET_no_csrf_cookie_request() CsrfViewMiddleware().process_view(req, view, (), {}) resp = view(req) resp2 = CsrfViewMiddleware().process_response(req, resp) self.assertTrue(resp2.cookies.get(settings.CSRF_COOKIE_NAME, False)) self.assertTrue('Cookie' in resp2.get('Vary',''))
def test_process_response_get_token_used(self): """ When get_token is used, check that the cookie is created and headers patched. """ req = self._get_GET_no_csrf_cookie_request() # Put tests for CSRF_COOKIE_* settings here with self.settings(CSRF_COOKIE_NAME='myname', CSRF_COOKIE_DOMAIN='.example.com', CSRF_COOKIE_PATH='/test/', CSRF_COOKIE_SECURE=True): # token_view calls get_token() indirectly CsrfViewMiddleware().process_view(req, token_view, (), {}) resp = token_view(req) resp2 = CsrfViewMiddleware().process_response(req, resp) csrf_cookie = resp2.cookies.get('myname', False) self.assertNotEqual(csrf_cookie, False) self.assertEqual(csrf_cookie['domain'], '.example.com') self.assertEqual(csrf_cookie['secure'], True) self.assertEqual(csrf_cookie['path'], '/test/') self.assertTrue('Cookie' in resp2.get('Vary',''))