make csrf work within components

SmileyChris · Nov 19, 2024 · ebd3826 · ebd3826
1 parent bc05a0e
commit ebd3826
Show file tree

Hide file tree

Showing 6 changed files with 72 additions and 1 deletion.
diff --git a/includecontents/templatetags/includecontents.py b/includecontents/templatetags/includecontents.py
@@ -181,7 +181,14 @@ def __init__(
         self.isolated_context = isolated_context
 
     def render(self, context):
-        new_context = context.new() if self.isolated_context else context
+        if self.isolated_context:
+            new_context = context.new()
+            if request := getattr(context, "request", None):
+                new_context.request = request
+            if csrf_token := context.get("csrf_token"):
+                new_context["csrf_token"] = csrf_token
+        else:
+            new_context = context
         with new_context.push():
             new_context["contents"] = RenderedContents(
                 # Contents aren't rendered with isolation, hence the use of context

diff --git a/tests/templates/components/csrf.html b/tests/templates/components/csrf.html
@@ -0,0 +1,4 @@
+<div class="inner-component">
+  {% csrf_token %}
+  {{ contents }}
+</div>
diff --git a/tests/templates/test_csrf/base.html b/tests/templates/test_csrf/base.html
@@ -0,0 +1,5 @@
+<div class="outer">
+  {% includecontents "test_csrf/inner.html" %}
+    Testing CSRF token passing
+  {% endincludecontents %}
+</div>
diff --git a/tests/templates/test_csrf/component.html b/tests/templates/test_csrf/component.html
@@ -0,0 +1,3 @@
+<div class="component">
+  <include:csrf>Testing CSRF in component</include:csrf>
+</div>
diff --git a/tests/templates/test_csrf/inner.html b/tests/templates/test_csrf/inner.html
@@ -0,0 +1,4 @@
+<div class="inner">
+  {% csrf_token %}
+  {{ contents }}
+</div>
diff --git a/tests/test_csrf.py b/tests/test_csrf.py
@@ -0,0 +1,48 @@
+from django.middleware.csrf import get_token
+from django.template.loader import render_to_string
+
+
+def test_csrf_token_passing(rf):
+    """Test that CSRF token is properly passed through includecontents."""
+    request = rf.get("/")
+    csrf_token = get_token(request)
+
+    context = {
+        "request": request,
+        "csrf_token": csrf_token,
+    }
+
+    rendered = render_to_string("test_csrf/base.html", context)
+    assert csrf_token in rendered
+    assert '<input type="hidden" name="csrfmiddlewaretoken"' in rendered
+
+
+def test_csrf_token_in_component(rf):
+    """Test that CSRF token works in component-style includecontents."""
+    request = rf.get("/")
+    csrf_token = get_token(request)
+
+    context = {
+        "request": request,
+        "csrf_token": csrf_token,
+    }
+
+    rendered = render_to_string("test_csrf/component.html", context)
+    assert csrf_token in rendered
+    assert '<input type="hidden" name="csrfmiddlewaretoken"' in rendered
+
+
+def test_csrf_token_isolated_context(rf):
+    """Test that CSRF token is passed even with isolated context."""
+    request = rf.get("/")
+    csrf_token = get_token(request)
+
+    context = {
+        "request": request,
+        "csrf_token": csrf_token,
+        "isolated_context": True,
+    }
+
+    rendered = render_to_string("test_csrf/base.html", context)
+    assert csrf_token in rendered
+    assert '<input type="hidden" name="csrfmiddlewaretoken"' in rendered