#14116: TestClient skips Csrf Middleware
----------------------------------------+-----------------------------------
          Reporter:  [email protected]       |         Owner:  nobody    
            Status:  closed             |     Milestone:            
         Component:  Testing framework  |       Version:  1.2       
        Resolution:  wontfix            |      Keywords:  TestClient
             Stage:  Unreviewed         |     Has_patch:  0         
        Needs_docs:  0                  |   Needs_tests:  0         
Needs_better_patch:  0                  |  
----------------------------------------+-----------------------------------
Changes (by lukeplant):

  * status:  new => closed
  * needs_better_patch:  => 0
  * resolution:  => wontfix
  * needs_tests:  => 0
  * needs_docs:  => 0

Comment:

 An option to turn it off would not be very helpful.  Much better would be
 a subclass of Client that didn't do this that you can use as needed.  You
 can code that yourself without needing to change core Django behaviour
 (subclass !ClientHandler and override `get_response`, subclass Client to
 use the new handler, subclass !TestCase and override `_pre_setup` adding
 `self.client = MyClient()`).

 The fact of the matter is that the test client does not behave like a
 browser does in many other ways, and in each way it differs it is also
 failing to verify that your site actually works. If you want that kind of
 testing, you need to use something like Twill or Windmill.

 Also, I'm not sure how your tests are running, but I can't see that
 changing this behaviour would actually make your tests more robust.  If
 you are doing functional tests of your desktop program, you shouldn't be
 using the test client at all.  If you are using the test client to send
 requests in your tests, then you are by definition not testing what your
 desktop app is actually sending.

 Anyway, we are not intending to turn the test client into a proper browser
 simulator.  It is intended to do basic checks of views, and for that
 purpose it is nicer to separate concerns and avoid the CSRF checks
 altogether.  So I'm closing WONTFIX.

 Thanks.

-- 
Ticket URL: <http://code.djangoproject.com/ticket/14116#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

-- 
You received this message because you are subscribed to the Google Groups 
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/django-updates?hl=en.

Reply via email to