diff options
author | Chris Jerdonek <chris.jerdonek@gmail.com> | 2021-08-17 09:13:13 -0400 |
---|---|---|
committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2021-11-29 10:47:39 +0100 |
commit | 5d80843ebc5376d00f98bf2a6aadbada4c29365c (patch) | |
tree | f3886af181e6ef4f0cacfa8192e0815de1ac26a9 /tests/deprecation | |
parent | 05e29da4212fa9f590d7bd10767ebacb25acfde9 (diff) | |
download | django-5d80843ebc5376d00f98bf2a6aadbada4c29365c.tar.gz |
Fixed #32800 -- Changed CsrfViewMiddleware not to mask the CSRF secret.
This also adds CSRF_COOKIE_MASKED transitional setting helpful in
migrating multiple instance of the same project to Django 4.1+.
Thanks Florian Apolloner and Shai Berger for reviews.
Co-Authored-By: Mariusz Felisiak <felisiak.mariusz@gmail.com>
Diffstat (limited to 'tests/deprecation')
-rw-r--r-- | tests/deprecation/test_csrf_cookie_masked.py | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/tests/deprecation/test_csrf_cookie_masked.py b/tests/deprecation/test_csrf_cookie_masked.py new file mode 100644 index 0000000000..74592fd0b7 --- /dev/null +++ b/tests/deprecation/test_csrf_cookie_masked.py @@ -0,0 +1,30 @@ +import sys +from types import ModuleType + +from django.conf import CSRF_COOKIE_MASKED_DEPRECATED_MSG, Settings, settings +from django.test import SimpleTestCase +from django.utils.deprecation import RemovedInDjango50Warning + + +class CsrfCookieMaskedDeprecationTests(SimpleTestCase): + msg = CSRF_COOKIE_MASKED_DEPRECATED_MSG + + def test_override_settings_warning(self): + with self.assertRaisesMessage(RemovedInDjango50Warning, self.msg): + with self.settings(CSRF_COOKIE_MASKED=True): + pass + + def test_settings_init_warning(self): + settings_module = ModuleType('fake_settings_module') + settings_module.USE_TZ = False + settings_module.CSRF_COOKIE_MASKED = True + sys.modules['fake_settings_module'] = settings_module + try: + with self.assertRaisesMessage(RemovedInDjango50Warning, self.msg): + Settings('fake_settings_module') + finally: + del sys.modules['fake_settings_module'] + + def test_access(self): + # Warning is not raised on access. + self.assertEqual(settings.CSRF_COOKIE_MASKED, False) |