Fixed #15354 - provide method to ensure CSRF token is always available for AJAX requests

Thanks to sayane for the report. git-svn-id: http://code.djangoproject.com/svn/django/trunk@16192 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2025-08-03 18:38:50 +00:00 · 2011-05-09 21:35:24 +00:00 · 2011-05-09 21:35:24 +00:00 · b6c5f8060d
commit b6c5f8060d
parent e9342e9b32
3 changed files with 71 additions and 2 deletions
--- a/tests/regressiontests/csrf_tests/tests.py
+++ b/tests/regressiontests/csrf_tests/tests.py
@ -4,7 +4,7 @@ import warnings
 from django.test import TestCase
 from django.http import HttpRequest, HttpResponse
 from django.middleware.csrf import CsrfViewMiddleware
-from django.views.decorators.csrf import csrf_exempt, requires_csrf_token
+from django.views.decorators.csrf import csrf_exempt, requires_csrf_token, ensure_csrf_cookie
 from django.core.context_processors import csrf
 from django.conf import settings
 from django.template import RequestContext, Template
@ -249,3 +249,35 @@ class CsrfViewMiddlewareTest(TestCase):
        req.META['HTTP_REFERER'] = 'https://www.example.com'
        req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
        self.assertEqual(None, req2)
+
+    def test_ensures_csrf_cookie_no_middleware(self):
+        """
+        Tests that ensures_csrf_cookie decorator fulfils its promise
+        with no middleware
+        """
+        @ensure_csrf_cookie
+        def view(request):
+            # Doesn't insert a token or anything
+            return HttpResponse(content="")
+
+        req = self._get_GET_no_csrf_cookie_request()
+        resp = view(req)
+        self.assertTrue(resp.cookies.get(settings.CSRF_COOKIE_NAME, False))
+        self.assertTrue('Cookie' in resp.get('Vary',''))
+
+    def test_ensures_csrf_cookie_with_middleware(self):
+        """
+        Tests that ensures_csrf_cookie decorator fulfils its promise
+        with the middleware enabled.
+        """
+        @ensure_csrf_cookie
+        def view(request):
+            # Doesn't insert a token or anything
+            return HttpResponse(content="")
+
+        req = self._get_GET_no_csrf_cookie_request()
+        CsrfViewMiddleware().process_view(req, view, (), {})
+        resp = view(req)
+        resp2 = CsrfViewMiddleware().process_response(req, resp)
+        self.assertTrue(resp2.cookies.get(settings.CSRF_COOKIE_NAME, False))
+        self.assertTrue('Cookie' in resp2.get('Vary',''))