From 6dd21309e4d9b21162b8db3e015533be10db0601 Mon Sep 17 00:00:00 2001
From: Theron Luhn <theron@luhn.com>
Date: Thu, 19 Sep 2019 18:32:41 -0700
Subject: Add allow_no_origin option to CSRF.

---
 tests/test_viewderivers.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

(limited to 'tests/test_viewderivers.py')

diff --git a/tests/test_viewderivers.py b/tests/test_viewderivers.py
index f01cb490e..3ca5f8534 100644
--- a/tests/test_viewderivers.py
+++ b/tests/test_viewderivers.py
@@ -1504,6 +1504,27 @@ class TestDeriveView(unittest.TestCase):
         result = view(None, request)
         self.assertTrue(result is response)
 
+    def test_csrf_view_allow_no_origin(self):
+        response = DummyResponse()
+
+        def inner_view(request):
+            return response
+
+        self.config.set_default_csrf_options(
+            require_csrf=True, allow_no_origin=True
+        )
+        request = self._makeRequest()
+        request.scheme = "https"
+        request.domain = "example.com"
+        request.host_port = "443"
+        request.referrer = None
+        request.method = 'POST'
+        request.session = DummySession({'csrf_token': 'foo'})
+        request.POST = {'csrf_token': 'foo'}
+        view = self.config._derive_view(inner_view, require_csrf=True)
+        result = view(None, request)
+        self.assertTrue(result is response)
+
     def test_csrf_view_fails_on_bad_PUT_header(self):
         from pyramid.exceptions import BadCSRFToken
 
-- 
cgit v1.2.3