#14116: TestClient skips Csrf Middleware
----------------------------------------+-----------------------------------
Reporter: [email protected] | Owner: nobody
Status: closed | Milestone:
Component: Testing framework | Version: 1.2
Resolution: wontfix | Keywords: TestClient
Stage: Unreviewed | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
----------------------------------------+-----------------------------------
Changes (by lukeplant):
* status: new => closed
* needs_better_patch: => 0
* resolution: => wontfix
* needs_tests: => 0
* needs_docs: => 0
Comment:
An option to turn it off would not be very helpful. Much better would be
a subclass of Client that didn't do this that you can use as needed. You
can code that yourself without needing to change core Django behaviour
(subclass !ClientHandler and override `get_response`, subclass Client to
use the new handler, subclass !TestCase and override `_pre_setup` adding
`self.client = MyClient()`).
The fact of the matter is that the test client does not behave like a
browser does in many other ways, and in each way it differs it is also
failing to verify that your site actually works. If you want that kind of
testing, you need to use something like Twill or Windmill.
Also, I'm not sure how your tests are running, but I can't see that
changing this behaviour would actually make your tests more robust. If
you are doing functional tests of your desktop program, you shouldn't be
using the test client at all. If you are using the test client to send
requests in your tests, then you are by definition not testing what your
desktop app is actually sending.
Anyway, we are not intending to turn the test client into a proper browser
simulator. It is intended to do basic checks of views, and for that
purpose it is nicer to separate concerns and avoid the CSRF checks
altogether. So I'm closing WONTFIX.
Thanks.
--
Ticket URL: <http://code.djangoproject.com/ticket/14116#comment:1>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
