From 7b53960c3bef7ffc8deb727639afd2ea118879b0 Mon Sep 17 00:00:00 2001
From: Tom Christie <tom@tomchristie.com>
Date: Wed, 17 Mar 2021 13:24:55 +0000
Subject: [PATCH] Revert "made Browsable API base template cachable: omit CSRF
 token when unnecessary (#7717)" (#7847)

This reverts commit 9c9ffb18f44062fd05f0b4e06b756c0a35230561.
---
 .../templates/rest_framework/base.html        |  2 +-
 tests/test_templates.py                       | 20 ++++++-------------
 2 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/rest_framework/templates/rest_framework/base.html b/rest_framework/templates/rest_framework/base.html
index 4d057b632..a88e1591c 100644
--- a/rest_framework/templates/rest_framework/base.html
+++ b/rest_framework/templates/rest_framework/base.html
@@ -290,7 +290,7 @@
       <script>
         window.drf = {
           csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}",
-          csrfToken: "{% if request %}{% if post_form or put_form %}{{ csrf_token }}{% endif %}{% endif %}"
+          csrfToken: "{% if request %}{{ csrf_token }}{% endif %}"
         };
       </script>
       <script src="{% static "rest_framework/js/jquery-3.5.1.min.js" %}"></script>
diff --git a/tests/test_templates.py b/tests/test_templates.py
index 195296e16..0dba78ea2 100644
--- a/tests/test_templates.py
+++ b/tests/test_templates.py
@@ -3,23 +3,15 @@ import re
 from django.shortcuts import render
 
 
+def test_base_template_with_context():
+    context = {'request': True, 'csrf_token': 'TOKEN'}
+    result = render({}, 'rest_framework/base.html', context=context)
+    assert re.search(r'\bcsrfToken: "TOKEN"', result.content.decode())
+
+
 def test_base_template_with_no_context():
     # base.html should be renderable with no context,
     # so it can be easily extended.
     result = render({}, 'rest_framework/base.html')
     # note that this response will not include a valid CSRF token
     assert re.search(r'\bcsrfToken: ""', result.content.decode())
-
-
-def test_base_template_with_simple_context():
-    context = {'request': True, 'csrf_token': 'TOKEN'}
-    result = render({}, 'rest_framework/base.html', context=context)
-    # note that response will STILL not include a CSRF token
-    assert re.search(r'\bcsrfToken: ""', result.content.decode())
-
-
-def test_base_template_with_editing_context():
-    context = {'request': True, 'post_form': object(), 'csrf_token': 'TOKEN'}
-    result = render({}, 'rest_framework/base.html', context=context)
-    # response includes a CSRF token in support of the POST form
-    assert re.search(r'\bcsrfToken: "TOKEN"', result.content.decode())