diff --git a/tests/test_user_defaults_integration.py b/tests/test_user_defaults_integration.py
index 57019a7..7d737b0 100644
--- a/tests/test_user_defaults_integration.py
+++ b/tests/test_user_defaults_integration.py
@@ -94,6 +94,7 @@ class TestFeedUserDefaults:
 ):
 """Successful feed-given saves user defaults."""
 csrf_token = "test-csrf-token"
+ client.cookies.set("csrf_token", csrf_token)
 response = client.post(
 "/actions/feed-given",
 data={
@@ -105,7 +106,6 @@ class TestFeedUserDefaults:
 "X-Oidc-Username": "ppetru",
 **make_csrf_headers(csrf_token),
 },
- cookies={"csrf_token": csrf_token},
 )
 assert response.status_code == 200
@@ -148,6 +148,7 @@ class TestFeedUserDefaults:
 ):
 """Unknown users are rejected by auth middleware."""
 csrf_token = "test-csrf-token"
+ client.cookies.set("csrf_token", csrf_token)
 response = client.post(
 "/actions/feed-given",
 data={
@@ -159,7 +160,6 @@ class TestFeedUserDefaults:
 "X-Oidc-Username": "unknown_user",
 **make_csrf_headers(csrf_token),
 },
- cookies={"csrf_token": csrf_token},
 )
 # Unknown user is rejected by auth middleware
 assert response.status_code == 401
diff --git a/tests/test_web_app.py b/tests/test_web_app.py
index 5d37d07..be64ae1 100644
--- a/tests/test_web_app.py
+++ b/tests/test_web_app.py
@@ -127,6 +127,7 @@ class TestAppWithTestClient:
 def test_csrf_with_valid_tokens_succeeds(self, client):
 """POST with matching CSRF tokens proceeds."""
 csrf_token = "test-csrf-token-123"
+ client.cookies.set("csrf_token", csrf_token)
 resp = client.post(
 "/",
 headers={
@@ -134,7 +135,6 @@ class TestAppWithTestClient:
 "X-CSRF-Token": csrf_token,
 "Origin": "http://testserver",
 },
- cookies={"csrf_token": csrf_token},
 )
 # Should get through CSRF check (200 or 405 if method not allowed)
 # The key is it shouldn't be 403 CSRF error
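Review bot: `client.cookies.set("csrf_token", csrf_token)` writes to the client's cookie jar, so unlike the removed per-request `cookies=` argument the token stays on `client` for every later request made through the same instance; this applies to the added line in both tests of tests/test_user_defaults_integration.py and in `test_csrf_with_valid_tokens_succeeds` in tests/test_web_app.py. The `client` fixture is defined outside these hunks, so its scope cannot be checked here; if it is not function-scoped, a later test that expects a POST without the CSRF cookie to be rejected would see the leftover cookie and no longer exercise the missing-cookie path, which could hide a CSRF regression depending on test order. Either confirm the fixture builds a fresh client per test, or empty the jar in the fixture teardown with `client.cookies.clear()`. The test bodies begin before and continue past the lines shown in each hunk.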