7 files changed, 53 insertions, 9 deletions
diff --git a/tests/test_config/test_security.py b/tests/test_config/test_security.py
index f2b4ba8e5..0ae199239 100644
--- a/tests/test_config/test_security.py
+++ b/tests/test_config/test_security.py
@@ -158,6 +158,7 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
             list(sorted(result.safe_methods)),
             ['GET', 'HEAD', 'OPTIONS', 'TRACE'],
         )
+        self.assertFalse(result.allow_no_origin)
         self.assertTrue(result.callback is None)
 
     def test_changing_set_default_csrf_options(self):
@@ -173,6 +174,7 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
             token='DUMMY',
             header=None,
             safe_methods=('PUT',),
+            allow_no_origin=True,
             callback=callback,
         )
         result = config.registry.getUtility(IDefaultCSRFOptions)
@@ -180,4 +182,5 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase):
         self.assertEqual(result.token, 'DUMMY')
         self.assertEqual(result.header, None)
         self.assertEqual(list(sorted(result.safe_methods)), ['PUT'])
+        self.assertTrue(result.allow_no_origin)
         self.assertTrue(result.callback is callback)
diff --git a/tests/test_csrf.py b/tests/test_csrf.py
index d1b569c32..f93a1afde 100644
--- a/tests/test_csrf.py
+++ b/tests/test_csrf.py
@@ -363,6 +363,12 @@ class Test_check_csrf_origin(unittest.TestCase):
         request.registry.settings = {}
         self.assertTrue(self._callFUT(request))
 
+    def test_success_with_allow_no_origin(self):
+        request = testing.DummyRequest()
+        request.scheme = "https"
+        request.referrer = None
+        self.assertTrue(self._callFUT(request, allow_no_origin=True))
+
     def test_fails_with_wrong_host(self):
         from pyramid.exceptions import BadCSRFOrigin
 
diff --git a/tests/test_router.py b/tests/test_router.py
index 3e66757f6..722f4286c 100644
--- a/tests/test_router.py
+++ b/tests/test_router.py
@@ -1561,7 +1561,7 @@ class TestRouter(unittest.TestCase):
         self.assertEqual(resp.status_code, 200)
         self.assertEqual(resp.body, b'foo')
 
-    def test_execution_policy_handles_exception(self):
+    def test_execution_policy_bubbles_exception(self):
         from pyramid.interfaces import IViewClassifier
         from pyramid.interfaces import IExceptionViewClassifier
         from pyramid.interfaces import IRequest
@@ -1591,8 +1591,7 @@ class TestRouter(unittest.TestCase):
         environ = self._makeEnviron(PATH_INFO='/archives/action1/article1')
         start_response = DummyStartResponse()
         router = self._makeOne()
-        result = router(environ, start_response)
-        self.assertEqual(result, ["Hello, world"])
+        self.assertRaises(Exception2, lambda: router(environ, start_response))
 
     def test_request_context_with_statement(self):
         from pyramid.threadlocal import get_current_request
diff --git a/tests/test_scripts/test_proutes.py b/tests/test_scripts/test_proutes.py
index 5e3f359f6..b5a083272 100644
--- a/tests/test_scripts/test_proutes.py
+++ b/tests/test_scripts/test_proutes.py
@@ -687,7 +687,7 @@ class TestPRoutesCommand(unittest.TestCase):
         command.out = L.append
         command.bootstrap = dummy.DummyBootstrap(registry=config.registry)
         expected = (
-            "You provided invalid formats ['predicates'], "
+            "You provided invalid formats ['predicates']. "
             "Available formats are ['name', 'pattern', 'view', 'method']"
         )
         result = command.run()
diff --git a/tests/test_testing.py b/tests/test_testing.py
index 874d9f11b..ebeafe21d 100644
--- a/tests/test_testing.py
+++ b/tests/test_testing.py
@@ -192,7 +192,7 @@ class TestDummyRequest(unittest.TestCase):
         self.assertEqual(request.method, 'POST')
         self.assertEqual(request.POST, POST)
         # N.B.:  Unlike a normal request, passing 'post' should *not* put
-        #        explict POST data into params: doing so masks a possible
+        #        explicit POST data into params: doing so masks a possible
         #        XSS bug in the app.  Tests for apps which don't care about
         #        the distinction should just use 'params'.
         self.assertEqual(request.params, {})
diff --git a/tests/test_view.py b/tests/test_view.py
index de40df1d5..5411e57c0 100644
--- a/tests/test_view.py
+++ b/tests/test_view.py
@@ -507,7 +507,25 @@ class TestViewConfigDecorator(unittest.TestCase):
 
     def test_create_defaults(self):
         decorator = self._makeOne()
-        self.assertEqual(decorator.__dict__, {})
+        self.assertEqual(list(decorator.__dict__.keys()), ['_info'])
+
+    def test_create_info(self):
+        target = self._getTargetClass()
+        decorator = target()
+        info = decorator._info
+        self.assertEqual(info[2], 'test_create_info')
+        self.assertEqual(info[3], 'decorator = target()')
+
+    def test_create_info_depth(self):
+        target = self._getTargetClass()
+
+        def make():
+            return target(_depth=1)
+
+        decorator = make()
+        info = decorator._info
+        self.assertEqual(info[2], 'test_create_info_depth')
+        self.assertEqual(info[3], 'decorator = make()')
 
     def test_create_context_trumps_for(self):
         decorator = self._makeOne(context='123', for_='456')
@@ -560,7 +578,6 @@ class TestViewConfigDecorator(unittest.TestCase):
         self.assertEqual(len(settings[0]), 3)
         self.assertEqual(settings[0]['venusian'], venusian)
         self.assertEqual(settings[0]['view'], None)  # comes from call_venusian
-        self.assertEqual(settings[0]['_info'], 'codeinfo')
 
     def test_call_class(self):
         decorator = self._makeOne()
@@ -580,7 +597,6 @@ class TestViewConfigDecorator(unittest.TestCase):
         self.assertEqual(settings[0]['venusian'], venusian)
         self.assertEqual(settings[0]['view'], None)  # comes from call_venusian
         self.assertEqual(settings[0]['attr'], 'foo')
-        self.assertEqual(settings[0]['_info'], 'codeinfo')
 
     def test_call_class_attr_already_set(self):
         decorator = self._makeOne(attr='abc')
@@ -600,7 +616,6 @@ class TestViewConfigDecorator(unittest.TestCase):
         self.assertEqual(settings[0]['venusian'], venusian)
         self.assertEqual(settings[0]['view'], None)  # comes from call_venusian
         self.assertEqual(settings[0]['attr'], 'abc')
-        self.assertEqual(settings[0]['_info'], 'codeinfo')
 
     def test_stacking(self):
         decorator1 = self._makeOne(name='1')
diff --git a/tests/test_viewderivers.py b/tests/test_viewderivers.py
index 9a61ea9f1..12a903eaa 100644
--- a/tests/test_viewderivers.py
+++ b/tests/test_viewderivers.py
@@ -1414,6 +1414,27 @@ class TestDeriveView(unittest.TestCase):
         result = view(None, request)
         self.assertTrue(result is response)
 
+    def test_csrf_view_allow_no_origin(self):
+        response = DummyResponse()
+
+        def inner_view(request):
+            return response
+
+        self.config.set_default_csrf_options(
+            require_csrf=True, allow_no_origin=True
+        )
+        request = self._makeRequest()
+        request.scheme = "https"
+        request.domain = "example.com"
+        request.host_port = "443"
+        request.referrer = None
+        request.method = 'POST'
+        request.session = DummySession({'csrf_token': 'foo'})
+        request.POST = {'csrf_token': 'foo'}
+        view = self.config._derive_view(inner_view, require_csrf=True)
+        result = view(None, request)
+        self.assertTrue(result is response)
+
     def test_csrf_view_fails_on_bad_PUT_header(self):
         from pyramid.exceptions import BadCSRFToken