#361: Don't test for CSRF token if we're running unit tests.

author: Nathan Yergler <nathan@yergler.net> 2011-10-01 13:13:14 -0700
committer: Nathan Yergler <nathan@yergler.net> 2011-10-01 14:20:35 -0700
commit: 7e694e5fd858aeaea7eb7e9a9062b36d17a3b7f7 (patch)
tree: 4f7c5ae6ea9bb264378056fdf1f78dd577877578
parent: 5d2abe45b2bae9111d4f1bda645b53414d2b240d (diff)
download: mediagoblin-7e694e5fd858aeaea7eb7e9a9062b36d17a3b7f7.tar.lz
mediagoblin-7e694e5fd858aeaea7eb7e9a9062b36d17a3b7f7.tar.xz
mediagoblin-7e694e5fd858aeaea7eb7e9a9062b36d17a3b7f7.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/mediagoblin/middleware/csrf.py b/mediagoblin/middleware/csrf.py
index 68ece6d3..d41bcd87 100644
--- a/mediagoblin/middleware/csrf.py
+++ b/mediagoblin/middleware/csrf.py
@@ -77,7 +77,10 @@ class CsrfMiddleware(object):
         # if this is a non-"safe" request (ie, one that could have
         # side effects), confirm that the CSRF tokens are present and
         # valid
-        if request.method not in self.SAFE_HTTP_METHODS:
+        if request.method not in self.SAFE_HTTP_METHODS \
+            and ('gmg.verify_csrf' in request.environ or
+                 'paste.testing' not in request.environ):
+
             return self.verify_tokens(request)
 
     def process_response(self, request, response):
author	Nathan Yergler <nathan@yergler.net>	2011-10-01 13:13:14 -0700
committer	Nathan Yergler <nathan@yergler.net>	2011-10-01 14:20:35 -0700
commit	7e694e5fd858aeaea7eb7e9a9062b36d17a3b7f7 (patch)
tree	4f7c5ae6ea9bb264378056fdf1f78dd577877578
parent	5d2abe45b2bae9111d4f1bda645b53414d2b240d (diff)
download	mediagoblin-7e694e5fd858aeaea7eb7e9a9062b36d17a3b7f7.tar.lz mediagoblin-7e694e5fd858aeaea7eb7e9a9062b36d17a3b7f7.tar.xz mediagoblin-7e694e5fd858aeaea7eb7e9a9062b36d17a3b7f7.zip