mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-11-24 21:00:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret.

Browse source 
This also adds CSRF_COOKIE_MASKED transitional setting helpful in
migrating multiple instance of the same project to Django 4.1+.

Thanks Florian Apolloner and Shai Berger for reviews.

Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
This commit is contained in:
Chris Jerdonek 2021-08-17 09:13:13 -04:00 committed by Mariusz Felisiak
parent 05e29da421
commit 5d80843ebc
10 changed files with 284 additions and 143 deletions
Download patch file Download diff file Expand all files Collapse all files

6
tests/csrf_tests/test_context_processor.py
View file

@ -9,7 +9,7 @@ class TestContextProcessor(CsrfFunctionTestMixin, SimpleTestCase):
def test_force_token_to_string(self):
request = HttpRequest()
test_token = '1bcdefghij2bcdefghij3bcdefghij4bcdefghij5bcdefghij6bcdefghijABCD'
request.META['CSRF_COOKIE'] = test_token
test_secret = 32 * 'a'
request.META['CSRF_COOKIE'] = test_secret
token = csrf(request).get('csrf_token')
self.assertMaskedSecretCorrect(token, 'lcccccccX2kcccccccY2jcccccccssIC')
self.assertMaskedSecretCorrect(token, test_secret)