django-rest-framework/tests/test_templates.py

import re

from django.shortcuts import render


def test_base_template_with_context():
    context = {'request': True, 'csrf_token': 'TOKEN'}
    result = render({}, 'rest_framework/base.html', context=context)
    assert re.search(r'"csrfToken": "TOKEN"', result.content.decode())


def test_base_template_with_no_context():
    # base.html should be renderable with no context,
    # so it can be easily extended.
    result = render({}, 'rest_framework/base.html')
    # note that this response will not include a valid CSRF token
    assert re.search(r'"csrfToken": ""', result.content.decode())
Made templates compatible with session-based CSRF. (#6207) 2019-02-19 14:15:03 +03:00			`import re`

Fixed AttributeError from items filter when value is None (#5981) 2018-05-11 09:50:08 +03:00			`from django.shortcuts import render`


Revert "made Browsable API base template cachable: omit CSRF token when unnecessary (#7717)" (#7847) This reverts commit 9c9ffb18f44062fd05f0b4e06b756c0a35230561. 2021-03-17 16:24:55 +03:00			`def test_base_template_with_context():`
			`context = {'request': True, 'csrf_token': 'TOKEN'}`
			`result = render({}, 'rest_framework/base.html', context=context)`
Avoid inline script execution for injecting CSRF token (#7016) Scripts with type="application/json" or "text/plain" are not executed, so we can use them to inject dynamic CSRF data, without allowing inline-script execution in Content-Security-Policy. 2022-11-29 19:10:32 +03:00			`assert re.search(r'"csrfToken": "TOKEN"', result.content.decode())`
Revert "made Browsable API base template cachable: omit CSRF token when unnecessary (#7717)" (#7847) This reverts commit 9c9ffb18f44062fd05f0b4e06b756c0a35230561. 2021-03-17 16:24:55 +03:00

Fixed AttributeError from items filter when value is None (#5981) 2018-05-11 09:50:08 +03:00			`def test_base_template_with_no_context():`
			`# base.html should be renderable with no context,`
			`# so it can be easily extended.`
Made templates compatible with session-based CSRF. (#6207) 2019-02-19 14:15:03 +03:00			`result = render({}, 'rest_framework/base.html')`
			`# note that this response will not include a valid CSRF token`
Avoid inline script execution for injecting CSRF token (#7016) Scripts with type="application/json" or "text/plain" are not executed, so we can use them to inject dynamic CSRF data, without allowing inline-script execution in Content-Security-Policy. 2022-11-29 19:10:32 +03:00			`assert re.search(r'"csrfToken": ""', result.content.decode())`