I want to test my Django web app with locust.io. In a form I have the problem that it is secured with a CSRF token. I do the following:
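from locust import TaskSet, task

class WebsiteTasks(TaskSet):
    def on_start(self):
        print("On start")

    @task
    def post_answer(self):
        self.client.get("/polls/2/vote")
        # POST sent without the CSRF token: this is the request that returns 403
        self.client.post("/polls/2/vote/", {"choice": "8"})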
Why do I get a 403 error, i.e. that the POST is forbidden? The Locust documentation says that the client object keeps the session alive.
When a CSRF token is generated, it should be stored server-side within the user's session data. When a subsequent request is received that requires validation, the server-side application should verify that the request includes a token which matches the value that was stored in the user's session.
The CSRF token is stored in the client. The CSRF token is required for any later REST API calls. The client must send a valid token with every API request. The token is sent in a custom request HTTP header.
Change your code as follows:

    @task
    def post_answer(self):
        # The GET sets the csrftoken cookie; its value goes back in the X-CSRFToken header
        response = self.client.get("/polls/2/vote")
        csrftoken = response.cookies['csrftoken']
        self.client.post("/polls/2/vote/",
                         {"choice": "8"},
                         headers={"X-CSRFToken": csrftoken})
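Added example, not part of the original answer: the cookie lookup above raises KeyError when Django issues no csrftoken cookie (for instance with CSRF_USE_SESSIONS enabled), so this sketch falls back to the hidden csrfmiddlewaretoken field in the returned form. The helper names, the sample form and the example.test URL are constructed for illustration; in a Locust task the inputs would be response.cookies and response.text.

```python
from html.parser import HTMLParser

CSRF_COOKIE = "csrftoken"           # Django default CSRF_COOKIE_NAME
CSRF_FIELD = "csrfmiddlewaretoken"  # hidden input rendered by {% csrf_token %}
CSRF_HEADER = "X-CSRFToken"         # header name used in the answer above

# Constructed sample of a vote form as Django would render it.
SAMPLE_FORM = (
    '<form method="post">'
    '<input type="hidden" name="csrfmiddlewaretoken" value="CONSTRUCTED-TOKEN-123">'
    '<input type="radio" name="choice" value="8">'
    "</form>"
)


class _CsrfFieldParser(HTMLParser):
    """Keeps the value of the first csrfmiddlewaretoken input it sees."""

    def __init__(self):
        super().__init__()
        self.token = None

    def handle_starttag(self, tag, attrs):
        if tag != "input" or self.token is not None:
            return
        attr = dict(attrs)
        if attr.get("name") == CSRF_FIELD and attr.get("value"):
            self.token = attr["value"]


def extract_csrf_token(cookies, html):
    """Return the token from the cookies, else from the form, else None."""
    token = cookies.get(CSRF_COOKIE)
    if token:
        return token
    parser = _CsrfFieldParser()
    parser.feed(html or "")
    return parser.token


def csrf_post_kwargs(cookies, html, form_data, page_url):
    """Build keyword arguments for client.post(url, **kwargs)."""
    token = extract_csrf_token(cookies, html)
    if token is None:
        # Fail loudly in the load test instead of measuring a stream of 403s.
        raise ValueError("no CSRF token in cookies or form")
    # Django also checks the Referer header on HTTPS requests.
    headers = {CSRF_HEADER: token, "Referer": page_url}
    return {"data": dict(form_data), "headers": headers}
```
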