mirror of
https://github.com/encode/django-rest-framework.git
synced 2024-11-25 11:04:02 +03:00
Revert "made Browsable API base template cachable: omit CSRF token when unnecessary (#7717)" (#7847)
This reverts commit 9c9ffb18f4
.
This commit is contained in:
parent
3e274146fc
commit
7b53960c3b
|
@ -290,7 +290,7 @@
|
||||||
<script>
|
<script>
|
||||||
window.drf = {
|
window.drf = {
|
||||||
csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}",
|
csrfHeaderName: "{{ csrf_header_name|default:'X-CSRFToken' }}",
|
||||||
csrfToken: "{% if request %}{% if post_form or put_form %}{{ csrf_token }}{% endif %}{% endif %}"
|
csrfToken: "{% if request %}{{ csrf_token }}{% endif %}"
|
||||||
};
|
};
|
||||||
</script>
|
</script>
|
||||||
<script src="{% static "rest_framework/js/jquery-3.5.1.min.js" %}"></script>
|
<script src="{% static "rest_framework/js/jquery-3.5.1.min.js" %}"></script>
|
||||||
|
|
|
@ -3,23 +3,15 @@ import re
|
||||||
from django.shortcuts import render
|
from django.shortcuts import render
|
||||||
|
|
||||||
|
|
||||||
|
def test_base_template_with_context():
|
||||||
|
context = {'request': True, 'csrf_token': 'TOKEN'}
|
||||||
|
result = render({}, 'rest_framework/base.html', context=context)
|
||||||
|
assert re.search(r'\bcsrfToken: "TOKEN"', result.content.decode())
|
||||||
|
|
||||||
|
|
||||||
def test_base_template_with_no_context():
|
def test_base_template_with_no_context():
|
||||||
# base.html should be renderable with no context,
|
# base.html should be renderable with no context,
|
||||||
# so it can be easily extended.
|
# so it can be easily extended.
|
||||||
result = render({}, 'rest_framework/base.html')
|
result = render({}, 'rest_framework/base.html')
|
||||||
# note that this response will not include a valid CSRF token
|
# note that this response will not include a valid CSRF token
|
||||||
assert re.search(r'\bcsrfToken: ""', result.content.decode())
|
assert re.search(r'\bcsrfToken: ""', result.content.decode())
|
||||||
|
|
||||||
|
|
||||||
def test_base_template_with_simple_context():
|
|
||||||
context = {'request': True, 'csrf_token': 'TOKEN'}
|
|
||||||
result = render({}, 'rest_framework/base.html', context=context)
|
|
||||||
# note that response will STILL not include a CSRF token
|
|
||||||
assert re.search(r'\bcsrfToken: ""', result.content.decode())
|
|
||||||
|
|
||||||
|
|
||||||
def test_base_template_with_editing_context():
|
|
||||||
context = {'request': True, 'post_form': object(), 'csrf_token': 'TOKEN'}
|
|
||||||
result = render({}, 'rest_framework/base.html', context=context)
|
|
||||||
# response includes a CSRF token in support of the POST form
|
|
||||||
assert re.search(r'\bcsrfToken: "TOKEN"', result.content.decode())
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user