Just wondering if CSRF token should be also rotated when accessed via
unittest client.
Middleware is in place and rotation happens via a browser.
Bug or intended behaviour, or perhaps a misuse ?
# Example
self.client = Client(enforce_csrf_checks=True)
resp = self.client.get(reverse('admin:login'))
csrf_token_from_cookie_pre_login =
self.client.cookies['csrftoken'].value
credentials = {
'username': 'me',
'password': 'pass',
'csrfmiddlewaretoken': csrf_token_from_cookie_pre_login,
}
resp = self.client.post(reverse('admin:login'), data=credentials)
csrf_token_from_cookie_post_login =
self.client.cookies['csrftoken'].value
self.assertNotEqual(csrf_token_from_cookie_*post_login*,
csrf_token_from_cookie_*pre_login*)
# They are equal
Thanks,
Val
--
You received this message because you are subscribed to the Google Groups
"Django developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/django-developers.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-developers/153f64ae-5211-471d-bb95-5cd76adb6699%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
