#361: Don't test for CSRF token if we're running unit tests.

author Nathan Yergler <nathan@yergler.net>

Sat, 1 Oct 2011 20:13:14 +0000 (13:13 -0700)

committer Nathan Yergler <nathan@yergler.net>

Sat, 1 Oct 2011 21:20:35 +0000 (14:20 -0700)
author Nathan Yergler <nathan@yergler.net>
Sat, 1 Oct 2011 20:13:14 +0000 (13:13 -0700)
committer Nathan Yergler <nathan@yergler.net>
Sat, 1 Oct 2011 21:20:35 +0000 (14:20 -0700)
diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py

index 68ece6d3cfb290e9b268133f9873ce6d49065c46..d41bcd87abe9d94d81da8433305c67d906b97691 100644 (file)
--- a/mediagoblin/middleware/csrf.py
+++ b/mediagoblin/middleware/csrf.py
@@ -77,7 +77,10 @@ class CsrfMiddleware(object):
          # if this is a non-"safe" request (ie, one that could have
          # side effects), confirm that the CSRF tokens are present and
          # valid
-        if request.method not in self.SAFE_HTTP_METHODS:
+        if request.method not in self.SAFE_HTTP_METHODS \
+            and ('gmg.verify_csrf' in request.environ or
+                 'paste.testing' not in request.environ):
+
              return self.verify_tokens(request)
  
      def process_response(self, request, response):
author	Nathan Yergler <nathan@yergler.net>
	Sat, 1 Oct 2011 20:13:14 +0000 (13:13 -0700)
committer	Nathan Yergler <nathan@yergler.net>
	Sat, 1 Oct 2011 21:20:35 +0000 (14:20 -0700)