Re: Need help testing views with csrf in 1.1.1

Fri, 08 Jan 2010 20:20:36 -0800 

In case anyone else runs across this, the answer appears to be:
disable csrf protection while testing.

On Jan 8, 7:04 pm, Skylar Saveland <skylar.savel...@gmail.com> wrote:
> I wondering what I'm doing wrong here.  These views work as expected
> with a browser.  I was looking to improve my test coverage.
>
> >>> c = Client()
> >>> get_response = c.get( reverse('create', kwargs={'typ':'residential'}) )
> >>> get_response.status_code
> 200
> >>> post_response = c.post( reverse('create', kwargs={'typ':'residential'}), {
>
> ...             'username':'....@14.com', 'username2':'....@14.com',
> 'password1':'1',
> ...             'password2':'1', 'last':'Saveland', 'first':'Skylar',
> ...             'evening_phone': '706-338-4901', 'day_phone':
> '706-338-4901',
> ...             'secret_question': '1', 'answer': '1',
> 'receive_email': '2',
> ...             'x': '0', 'y': '0','tos': 'on',})>>> 
> post_response.status_code                          # this post works fine, 
> redirects, all intended side-effects are there.
> 302
> >>> response = c.get( reverse('select_type', kwargs={'typ':'residential'}) )
> >>> response.status_code
> 200
> >>> c.cookies
>
> <SimpleCookie: sessionid='9a30b64545b2ee796c896f7377f2785c'>>>> response = 
> c.post( reverse('select_type', kwargs={'typ':'residential'}), 
> {'residential_type':'1r'})
> >>> response.content
>
> '<html xmlns="http://www.w3.org/1999/xhtml";
> xml:lang="en"><body><h1>403 Forbidden</h1><p>Cross Site Request
> Forgery detected. Request aborted
> .</p></body></html>'
>
>
>
> Any ideas why this second POST would fail?  The Client instance does
> get logged in with the first post and the db is hit and everything.
> The first post seems to be doing everything right.  The second post, I
> can only get 403 no matter what I try, it seems.  On the other hand, I
> get good responses and a redirect with a good post from web browsers
> on this 'select_type' view.

-- 
You received this message because you are subscribed to the Google Groups 
"Django users" group.
To post to this group, send email to django-us...@googlegroups.com.
To unsubscribe from this group, send email to 
django-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/django-users?hl=en.

Reply via email to