
[1.2.X] Fixed a security issue in the CSRF component. Disclosure and new release forthcoming.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15465 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Alex Gaynor
2011-02-09 02:07:05 +00:00
parent fdd3bd9d15
commit 818e70344e
3 changed files with 50 additions and 51 deletions


@@ -275,12 +275,12 @@ class CsrfMiddlewareTest(TestCase):
req2 = CsrfMiddleware().process_view(req, csrf_exempt(post_form_view), (), {})
self.assertEquals(None, req2)
def test_ajax_exemption(self):
def test_csrf_token_in_header(self):
"""
Check that AJAX requests are automatically exempted.
Check that we can pass in the token in a header instead of in the form
"""
req = self._get_POST_csrf_cookie_request()
req.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id
req2 = CsrfMiddleware().process_view(req, post_form_view, (), {})
self.assertEquals(None, req2)
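Review bot: The new test_csrf_token_in_header only covers the accept path (a valid token in X-CSRFToken makes process_view return None); nothing in this hunk asserts that an AJAX request sending X-Requested-With: XMLHttpRequest without any token is now rejected, which is precisely the behaviour the removed test_ajax_exemption guaranteed the opposite of. Unless one of the other two changed files covers it, a later regression could silently reinstate the exemption without any test failing. I would add a negative test next to the new one, asserting that process_view returns a non-None (rejecting) response for that request, and a second one for a wrong header value. The hunk header counts 12 lines per side against 10 visible, so the two hidden lines are presumably blank context and the method appears complete here.
```python
    # … unchanged: test_csrf_token_in_header …

    def test_ajax_without_token_is_rejected(self):
        """
        Check that AJAX requests are no longer exempted: with no token in
        the form or the header, the request must be rejected.
        """
        req = self._get_POST_csrf_cookie_request()
        req.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
        req2 = CsrfMiddleware().process_view(req, post_form_view, (), {})
        self.assertNotEqual(None, req2)

    def test_csrf_token_in_header_wrong_value(self):
        """
        Check that a wrong token in the header is rejected like a wrong
        token in the form.
        """
        req = self._get_POST_csrf_cookie_request()
        req.META['HTTP_X_CSRFTOKEN'] = 'wrong-token'
        req2 = CsrfMiddleware().process_view(req, post_form_view, (), {})
        self.assertNotEqual(None, req2)
```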