#14116: TestClient skips Csrf Middleware
----------------------------------------+-----------------------------------
Reporter: [email protected] | Owner: nobody
Status: reopened | Milestone:
Component: Testing framework | Version: 1.2
Resolution: | Keywords: TestClient
Stage: Accepted | Has_patch: 0
Needs_docs: 0 | Needs_tests: 0
Needs_better_patch: 0 |
----------------------------------------+-----------------------------------
Changes (by russellm):
* status: closed => reopened
* resolution: wontfix =>
* stage: Unreviewed => Accepted
Comment:
Luke - I'm going to reopen (and very soon, close again with a fix).
Specifically, I think the change you suggest -- a client that *doesn't*
disable CSRF protection -- is something that could be useful. I've just
hit this problem writing tests for contrib.flatpages trying to fix
#14156. This is a problem that is specifically about checking the way CSRF
protection is handled; while it *could* be tested in other ways, a simple
client request is easiest to read and understand by quite some margin.
I agree that *most* people won't need this option, but there is an edge
case where it can be useful.
--
Ticket URL: <http://code.djangoproject.com/ticket/14116#comment:2>
Django <http://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
