From 7e694e5fd858aeaea7eb7e9a9062b36d17a3b7f7 Mon Sep 17 00:00:00 2001 From: Nathan Yergler Date: Sat, 1 Oct 2011 13:13:14 -0700 Subject: [PATCH] #361: Don't test for CSRF token if we're running unit tests. --- mediagoblin/middleware/csrf.py | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py index 68ece6d3..d41bcd87 100644 --- a/mediagoblin/middleware/csrf.py +++ b/mediagoblin/middleware/csrf.py @@ -77,7 +77,10 @@ class CsrfMiddleware(object): # if this is a non-"safe" request (ie, one that could have # side effects), confirm that the CSRF tokens are present and # valid - if request.method not in self.SAFE_HTTP_METHODS: + if request.method not in self.SAFE_HTTP_METHODS \ + and ('gmg.verify_csrf' in request.environ or + 'paste.testing' not in request.environ): + return self.verify_tokens(request) def process_response(self, request, response): -- 2.25.1