I'm working on a Django web application which (amongst other things) needs to handle transaction status info sent using a POST
request.
In addition to the HTTP security supported by the payment gateway, my view checks request.META['HTTP_REFERER']
against an entry in settings.py
to try to prevent funny business:
if request.META.get('HTTP_REFERER', '') != settings.PAYMENT_URL and not settings.DEBUG:
return HttpResponseForbidden('Incorrect source URL for updating payment status')
Now I'd like to work out how to test this behaviour.
I can generate a failure easily enough; HTTP_REFERER
is (predictably) None
with a normal page load:
def test_transaction_status_succeeds(self):
response = self.client.post(reverse('transaction_status'), { ... })
self.assertEqual(response.status_code, 403)
How, though, can I fake a successful submission? I've tried setting HTTP_REFERER
in extra
, e.g. self.client.post(..., extra={'HTTP_REFERER': 'http://foo/bar'})
, but this isn't working; the view is apparently still seeing a blank header.
Does the test client even support custom headers? Is there a work-around if not? I'm using Django 1.1, and would prefer not to upgrade just yet if at all possible.
Almost right. It's actually:
def transaction_status_suceeds(self):
response = self.client.post(reverse('transaction_status'), {}, HTTP_REFERER='http://foo/bar')
I'd missed a **
(scatter operator / keyword argument unpacking operator / whatever) when reading the source of test/client.py
; extra
ends up being a dictionary of extra keyword arguments to the function itself.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With