Merge pull request #17 from pauldiepold/csrf-for-non-inertia-requests

BrandonShar · web-flow · commit 5591683e3c71 · 2022-12-22T10:54:05.000-05:00
CSRF for non inertia requests
diff --git a/inertia/middleware.py b/inertia/middleware.py
@@ -10,13 +10,13 @@ def __init__(self, get_response):
   def __call__(self, request):
     response = self.get_response(request)
 
-    if not self.is_inertia_request(request):
-      return response
-
     # Inertia requests don't ever render templates, so they skip the typical Django
     # CSRF path. We'll manually add a CSRF token for every request here.
     get_token(request)
 
+    if not self.is_inertia_request(request):
+      return response
+
     if self.is_non_post_redirect(request, response):
       response.status_code = 303
 
diff --git a/inertia/tests/test_rendering.py b/inertia/tests/test_rendering.py
@@ -104,3 +104,8 @@ def test_that_csrf_inclusion_is_automatic(self):
     response = self.inertia.get('/props/')
 
     self.assertIsNotNone(response.cookies.get('csrftoken'))
+
+  def test_that_csrf_is_included_even_on_initial_page_load(self):
+    response = self.client.get('/props/')
+
+    self.assertIsNotNone(response.cookies.get('csrftoken'))
