From 0820175d812e94850bc97a024c6cd7c29a94a10c Mon Sep 17 00:00:00 2001
From: Chris Jerdonek
Date: Tue, 17 Aug 2021 15:25:07 -0400
Subject: [PATCH] Refs #32800 -- Added CSRF tests for masked and unmasked secrets during GET.
---
 tests/csrf_tests/tests.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/tests/csrf_tests/tests.py b/tests/csrf_tests/tests.py
index 0ae1eca516..1ada6d9f18 100644
--- a/tests/csrf_tests/tests.py
+++ b/tests/csrf_tests/tests.py
@@ -1177,6 +1177,23 @@ class CsrfViewMiddlewareTests(CsrfViewMiddlewareTestMixin, SimpleTestCase):
 self.assertTrue(csrf_cookie, msg='No CSRF cookie was sent.')
 self.assertEqual(len(csrf_cookie), CSRF_TOKEN_LENGTH)

+ def test_unmasked_secret_replaced_on_GET(self):
+ """An unmasked CSRF cookie is replaced during a GET request."""
+ req = self._get_request(cookie=TEST_SECRET)
+ resp = protected_view(req)
+ self.assertContains(resp, 'OK')
+ csrf_cookie = self._read_csrf_cookie(req, resp)
+ self.assertTrue(csrf_cookie, msg='No CSRF cookie was sent.')
+ self.assertMaskedSecretCorrect(csrf_cookie, TEST_SECRET)
+
+ def test_masked_secret_not_replaced_on_GET(self):
+ """A masked CSRF cookie is not replaced during a GET request."""
+ req = self._get_request(cookie=MASKED_TEST_SECRET1)
+ resp = protected_view(req)
+ self.assertContains(resp, 'OK')
+ csrf_cookie = self._read_csrf_cookie(req, resp)
+ self.assertFalse(csrf_cookie, msg='A CSRF cookie was sent.')
+
 def test_masked_secret_accepted_and_not_replaced(self):
 """
 The csrf cookie is left unchanged if originally masked.
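Review bot: In `test_masked_secret_not_replaced_on_GET`, `self.assertFalse(csrf_cookie, msg='A CSRF cookie was sent.')` passes for any falsy value. If `_read_csrf_cookie` (defined outside this hunk) returns the cookie's value, a response that set an empty CSRF cookie would also count as "not replaced", even though it would reset the client's token. Asserting absence directly is tighter, for example `self.assertNotIn(settings.CSRF_COOKIE_NAME, resp.cookies)`, assuming `settings` is already imported in this module. In `test_unmasked_secret_replaced_on_GET`, adding `self.assertNotEqual(csrf_cookie, TEST_SECRET)` would pin the replacement itself rather than leaving it to whatever `assertMaskedSecretCorrect` checks.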