There are a few moving parts here, my guess is something failing in the last of these:
By default in Mezzanine, forms use the "fields_for" template tag, which is just a helper for rendering forms: https://github.com/stephenmcd/mezzanine/blob/master/mezzanine/core/templates/includes/form_fields.html You'll see at the top of its template, it uses the "nevercache" tag which is fairly self explanatory - it's wrapped around the csrf token so that it's never cached. Then finally you'll see in both phases of the caching middleware, special handling of the csrf token is required: https://github.com/stephenmcd/mezzanine/blob/master/mezzanine/core/middleware.py#L169-L181 https://github.com/stephenmcd/mezzanine/blob/master/mezzanine/core/middleware.py#L210-L213 It's likely that last part is somehow incompatible with LiveServerTestCase - I personally haven't used that before, but with regular Django test cases I've experienced a lot of differences in how sessions, request objects and everything related, actually work, compared to an actual running site. My advice would be to first verify these forms actually work for you in production, so that you can isolate this issue down to testing only, and then unless you're feeling particularly adventurous, disable caching for those particular tests that are failing - I understand there's a decorator in Django for modifying settings per test, but the name escapes me. Good luck! On Wed, Mar 5, 2014 at 9:48 AM, <jenniferlia...@gmail.com> wrote: > Hi, > > I'm using LiveServerTestCase, as described > here<http://chimera.labs.oreilly.com/books/1234000000754/ch17.html#_getting_the_ft_to_run_the_management_on_the_server>, > to automate remote staging testing my site which uses mezzanine 3.0.9. The > automated tests involve logging and out different users, sometimes quite > rapidly. When caching is turned on as per the settings in > live_settings.py, I get CSRF errors on login. If I turn off caching to > memcache, I don't get the errors. > > I see that the UpdateCache middleware will go to cache if the user is > anonymous. At the time the user fills out the login form, they are > anonymous.... so therefore the login page must be cached, which is causing > my CSRF failures (?). Unless I'm missing something, this is also true for > the signup page. It seems like this could be a problem if people submit, > say, a login or signup form with errors, that then happens to get cached > and shown to the next user. > > Shouldn't there be a strategy to not cache these forms? > > Jennifer > > -- > You received this message because you are subscribed to the Google Groups > "Mezzanine Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to mezzanine-users+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. > -- Stephen McDonald http://jupo.org -- You received this message because you are subscribed to the Google Groups "Mezzanine Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to mezzanine-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
