#361: Don't test for CSRF token if we're running unit tests.

2011-10-01 13:13:14 -07:00 · 2011-10-01 13:13:14 -07:00 · 7e694e5fd8
commit 7e694e5fd8
parent 5d2abe45b2
1 changed files with 4 additions and 1 deletions
--- a/mediagoblin/middleware/csrf.py
+++ b/mediagoblin/middleware/csrf.py
@ -77,7 +77,10 @@ class CsrfMiddleware(object):
        # if this is a non-"safe" request (ie, one that could have
        # side effects), confirm that the CSRF tokens are present and
        # valid
-        if request.method not in self.SAFE_HTTP_METHODS:
+        if request.method not in self.SAFE_HTTP_METHODS \
+            and ('gmg.verify_csrf' in request.environ or
+                 'paste.testing' not in request.environ):
+
            return self.verify_tokens(request)

    def process_response(self, request, response):