From: Nathan Yergler <nathan@yergler.net>
Date: Sat, 1 Oct 2011 20:13:14 +0000 (-0700)
Subject: #361: Don't test for CSRF token if we're running unit tests.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=7e694e5fd858aeaea7eb7e9a9062b36d17a3b7f7;p=mediagoblin.git

#361: Don't test for CSRF token if we're running unit tests.
---

diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py
index 68ece6d3..d41bcd87 100644
--- a/mediagoblin/middleware/csrf.py
+++ b/mediagoblin/middleware/csrf.py
@@ -77,7 +77,10 @@ class CsrfMiddleware(object):
         # if this is a non-"safe" request (ie, one that could have
         # side effects), confirm that the CSRF tokens are present and
         # valid
-        if request.method not in self.SAFE_HTTP_METHODS:
+        if request.method not in self.SAFE_HTTP_METHODS \
+            and ('gmg.verify_csrf' in request.environ or
+                 'paste.testing' not in request.environ):
+
             return self.verify_tokens(request)
 
     def process_response(self, request, response):