			
		
		
		
	Fixed #32817 -- Added the token source to CsrfViewMiddleware's bad token error messages.
		
				
					committed by
					
						 Mariusz Felisiak
						Mariusz Felisiak
					
				
			
			
				
	
			
			
			
						parent
						
							1a284afb07
						
					
				
				
					commit
					fcb75651f9
				
			| @@ -147,12 +147,24 @@ class CsrfViewMiddlewareTestMixin: | ||||
|         """ | ||||
|         cases = [ | ||||
|             (None, None, REASON_CSRF_TOKEN_MISSING), | ||||
|             (16 * 'a', None, 'CSRF token has incorrect length.'), | ||||
|             (64 * '*', None, 'CSRF token has invalid characters.'), | ||||
|             (64 * 'a', None, 'CSRF token incorrect.'), | ||||
|             (None, 16 * 'a', 'CSRF token has incorrect length.'), | ||||
|             (None, 64 * '*', 'CSRF token has invalid characters.'), | ||||
|             (None, 64 * 'a', 'CSRF token incorrect.'), | ||||
|             (16 * 'a', None, 'CSRF token from POST has incorrect length.'), | ||||
|             (64 * '*', None, 'CSRF token from POST has invalid characters.'), | ||||
|             (64 * 'a', None, 'CSRF token from POST incorrect.'), | ||||
|             ( | ||||
|                 None, | ||||
|                 16 * 'a', | ||||
|                 "CSRF token from the 'X-Csrftoken' HTTP header has incorrect length.", | ||||
|             ), | ||||
|             ( | ||||
|                 None, | ||||
|                 64 * '*', | ||||
|                 "CSRF token from the 'X-Csrftoken' HTTP header has invalid characters.", | ||||
|             ), | ||||
|             ( | ||||
|                 None, | ||||
|                 64 * 'a', | ||||
|                 "CSRF token from the 'X-Csrftoken' HTTP header incorrect.", | ||||
|             ), | ||||
|         ] | ||||
|         for post_token, meta_token, expected in cases: | ||||
|             with self.subTest(post_token=post_token, meta_token=meta_token): | ||||
| @@ -168,7 +180,10 @@ class CsrfViewMiddlewareTestMixin: | ||||
|         If a CSRF cookie is present and an invalid token is passed via a | ||||
|         custom CSRF_HEADER_NAME, the middleware rejects the incoming request. | ||||
|         """ | ||||
|         expected = 'CSRF token has incorrect length.' | ||||
|         expected = ( | ||||
|             "CSRF token from the 'X-Csrftoken-Customized' HTTP header has " | ||||
|             "incorrect length." | ||||
|         ) | ||||
|         self._check_bad_or_missing_token( | ||||
|             expected, | ||||
|             meta_token=16 * 'a', | ||||
|   | ||||
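Review bot: None of the rows in `cases` supplies both `post_token` and `meta_token`, so now that each rejection reason names the token's source, nothing pins which source is reported when a request carries a bad token in both places. A row such as `(16 * 'a', 64 * '*', 'CSRF token from POST has incorrect length.')` would fix that precedence in a test, assuming the middleware consults the POST field before the header; the middleware is not visible on this page, so confirm the expected string against it. The header names in the expected strings (`'X-Csrftoken'` in the table, `'X-Csrftoken-Customized'` in the second hunk) are hard-coded display forms, and a short comment such as `# Display name derived from the CSRF_HEADER_NAME setting.` would help whoever changes that setting in these tests. Both test methods start and end outside the hunks shown.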