$OpenBSD: patch-tests_regressiontests_csrf_tests_tests_py,v 1.1 2011/02/11 11:45:48 jasper Exp $

Security fix for SA43230.
http://www.djangoproject.com/weblog/2011/feb/08/security/

Patch from upstream svn -r15465.

--- tests/regressiontests/csrf_tests/tests.py.orig	Thu Oct 28 04:58:51 2010
+++ tests/regressiontests/csrf_tests/tests.py	Thu Feb 10 09:48:59 2011
@@ -275,12 +275,12 @@ class CsrfMiddlewareTest(TestCase):
         req2 = CsrfMiddleware().process_view(req, csrf_exempt(post_form_view), (), {})
         self.assertEquals(None, req2)
 
-    def test_ajax_exemption(self):
+    def test_csrf_token_in_header(self):
         """
-        Check that AJAX requests are automatically exempted.
+        Check that we can pass in the token in a header instead of in the form
         """
         req = self._get_POST_csrf_cookie_request()
-        req.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
+        req.META['HTTP_X_CSRFTOKEN'] = self._csrf_id
         req2 = CsrfMiddleware().process_view(req, post_form_view, (), {})
         self.assertEquals(None, req2)
 
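Review bot: The rewritten test only covers the accepting path, where a POST whose `HTTP_X_CSRFTOKEN` matches the cookie token passes. Nothing visible in this hunk asserts that a request with `HTTP_X_REQUESTED_WITH = 'XMLHttpRequest'` and no token is now refused, which is the behaviour the removed `test_ajax_exemption` used to pin in the opposite direction. Without that regression test, a later change could reintroduce the exemption and the suite would still pass. A companion case with a header value that differs from `self._csrf_id` would likewise guard against the header being accepted unchecked. `CsrfMiddlewareTest` continues outside the hunk, so such tests may already exist elsewhere in the class. The 403 expectation in the sketch below is an assumption about how the middleware reports a rejection and should be matched to the other rejection tests in the file.

```python
    def test_ajax_request_without_token_rejected(self):
        """
        Check that X-Requested-With alone no longer exempts a POST from the check
        """
        req = self._get_POST_csrf_cookie_request()
        req.META['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest'
        req2 = CsrfMiddleware().process_view(req, post_form_view, (), {})
        self.assertEquals(403, req2.status_code)

    # … unchanged: test_csrf_token_in_header …
```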
