body=urllib_parse.urlencode(dict(_xsrf=self.xsrf_token)))
self.assertEqual(response.code, 403)
- def test_xsrf_success_short_token(self):
- with ExpectLog(gen_log, ".*XSRF cookie does not match POST"):
- response = self.fetch(
- "/", method="POST",
- body=urllib_parse.urlencode(dict(_xsrf='deadbeef')))
- self.assertEqual(response.code, 403)
-
- def test_xsrf_success_non_hex_token(self):
- with ExpectLog(gen_log, ".*XSRF cookie is not a hexadecimal"):
- response = self.fetch(
- "/", method="POST",
- body=urllib_parse.urlencode(dict(_xsrf='xoxo')))
- self.assertEqual(response.code, 400)
-
def test_xsrf_fail_cookie_no_body(self):
with ExpectLog(gen_log, ".*'_xsrf' argument missing"):
response = self.fetch(
headers=self.cookie_headers())
self.assertEqual(response.code, 403)
+ def test_xsrf_success_short_token(self):
+ response = self.fetch(
+ "/", method="POST",
+ body=urllib_parse.urlencode(dict(_xsrf='deadbeef')),
+ headers=self.cookie_headers(token='deadbeef'))
+ self.assertEqual(response.code, 200)
+
+ def test_xsrf_success_non_hex_token(self):
+ response = self.fetch(
+ "/", method="POST",
+ body=urllib_parse.urlencode(dict(_xsrf='xoxo')),
+ headers=self.cookie_headers(token='xoxo'))
+ self.assertEqual(response.code, 200)
+
def test_xsrf_success_post_body(self):
response = self.fetch(
"/", method="POST",
projects / thirdparty / tornado.git / commitdiff
