+
+def test_csrf_exempt(test_app):
+ # monkey with the views to decorate a known endpoint
+ import mediagoblin.auth.views
+ from mediagoblin.meddleware.csrf import csrf_exempt
+
+ mediagoblin.auth.views.login = csrf_exempt(
+ mediagoblin.auth.views.login
+ )
+
+ # construct a request with no cookie or form token
+ assert test_app.post('/auth/login/',
+ extra_environ={'gmg.verify_csrf': True},
+ expect_errors=False).status_int == 200
+
+ # restore the CSRF protection in case other tests expect it
+ mediagoblin.auth.views.login.csrf_enabled = True