swsnu / swppfall2021

Learning Software Engineering By Building Web Services

[hw4] question about testing #127

Open dooly9931 opened 3 years ago

dooly9931 commented 3 years ago

We have `test_csrf` provided in our `tests.py` to test that the CSRF token works. Can I consider CSRF-related things as tested? And therefore, is it okay not to check CSRF-related problems when writing test code for other API methods? (such as using `client = Client(enforce_csrf_checks=True)`)

ttoru96 commented 3 years ago

It is okay not to check CSRF-related problems when writing test code for other API methods, as long as you have test code for csrf_token in some other tests.

By the way, if you pass `True` to `enforce_csrf_checks`, you are creating a client that performs CSRF checks. If you intend not to perform CSRF checks, you should pass `False` instead.