Merge pull request #3512 from luhn/csrf-allow-no-origin

Add allow_no_origin option to CSRF

1 files changed, 21 insertions, 0 deletions

diff --git a/tests/test_viewderivers.py b/tests/test_viewderivers.py
index f01cb490e..3ca5f8534 100644
--- a/tests/test_viewderivers.py
+++ b/tests/test_viewderivers.py
@@ -1504,6 +1504,27 @@ class TestDeriveView(unittest.TestCase):
         result = view(None, request)
         self.assertTrue(result is response)
 
+    def test_csrf_view_allow_no_origin(self):
+        response = DummyResponse()
+
+        def inner_view(request):
+            return response
+
+        self.config.set_default_csrf_options(
+            require_csrf=True, allow_no_origin=True
+        )
+        request = self._makeRequest()
+        request.scheme = "https"
+        request.domain = "example.com"
+        request.host_port = "443"
+        request.referrer = None
+        request.method = 'POST'
+        request.session = DummySession({'csrf_token': 'foo'})
+        request.POST = {'csrf_token': 'foo'}
+        view = self.config._derive_view(inner_view, require_csrf=True)
+        result = view(None, request)
+        self.assertTrue(result is response)
+
     def test_csrf_view_fails_on_bad_PUT_header(self):
         from pyramid.exceptions import BadCSRFToken