From the course: Securing Django Applications


Unit testing Django forms that use CSRF


- [Instructor] We're going to test the CSRF protection for the journal view. Specifically, we're testing to see what happens when we delete a journal entry. In this test, a user and a journal entry already exist. We need to create a new HTTP client and we need to make sure that it enforces CSRF checks. Usually Django will skip these to make testing easier. And then we are going to use force_login to log in as the user. So let's try deleting this journal entry. We're going to make a POST request. And the data we're providing is the entry to delete, and that is the journal entry ID. And we do not expect this to work. So the response status code should be a four or a three, and the journal entry should still exist. And the reason this won't work, and why we want it to fail, is because the CSRF token is not included as part of the request. So, let's try again. We have the response of getting the journal entries and on…
