fix(api): disable csrf checks for api routes

2026-04-29 12:09:56 +02:00
parent be7af18c36
commit 90856d5a7e
4 changed files with 34 additions and 6 deletions


@@ -4,6 +4,7 @@ import logging
from io import StringIO
from apps.core.middleware import (
ApiCsrfExemptMiddleware,
RequestIDMiddleware,
RequestLoggingMiddleware,
get_request_id,
@@ -73,3 +74,23 @@ class RequestLoggingMiddlewareTest(APITestCase):
response = middleware.process_response(request, HttpResponse(status=200))
self.assertIn("X-Request-ID", response)
self.assertIsNone(get_request_id())
class ApiCsrfExemptMiddlewareTest(APITestCase):
def setUp(self):
self.factory = RequestFactory()
self.middleware = ApiCsrfExemptMiddleware(lambda req: HttpResponse(status=200))
def test_api_path_skips_csrf_check(self):
request = self.factory.post("/api/v1/users/login/", data={})
response = self.middleware.process_view(request, lambda req: None, (), {})
self.assertIsNone(response)
def test_non_api_path_keeps_csrf_check(self):
request = self.factory.post("/admin/login/", data={})
response = self.middleware.process_view(request, lambda req: None, (), {})
self.assertEqual(response.status_code, 403)
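Review bot: The two tests in `ApiCsrfExemptMiddlewareTest` pin one exempt path and one protected path, so neither fixes where the `/api/` boundary lies. The middleware's matching rule is not visible in this section, and a loose prefix or substring match would exempt more routes than intended without failing either test. Add a case for a look-alike path that must stay protected, as sketched below with a constructed sample path. Separately, `test_api_path_skips_csrf_check` exercises the login route: if any API route accepts the session cookie for authentication, a path-wide exemption leaves it without CSRF protection. A comment on the test class should name the authentication scheme that makes the exemption safe.

```python
class ApiCsrfExemptMiddlewareTest(APITestCase):
    # … unchanged: setUp and the two existing tests …

    def test_api_lookalike_path_keeps_csrf_check(self):
        # "/apiary/login/" is a constructed sample: it shares the "/api" prefix
        # but is not an API route, so the CSRF check must still apply.
        request = self.factory.post("/apiary/login/", data={})
        response = self.middleware.process_view(request, lambda req: None, (), {})
        self.assertEqual(response.status_code, 403)
```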