Merge pull request #9 from anibalsolon/bug/csrf_validation

Fetch CSRF cookie to validate w/ Graphene API

Author: syrusakbary

gql/transport/http.py

@@ -1,5 +1,6 @@
 class HTTPTransport(object):
 
-    def __init__(self, url, headers=None):
+    def __init__(self, url, headers=None, cookies=None):
         self.url = url
         self.headers = headers
+        self.cookies = cookies

gql/transport/requests.py

@@ -31,6 +31,7 @@ def execute(self, document, variable_values=None, timeout=None):
         post_args = {
             'headers': self.headers,
             'auth': self.auth,
+            'cookies': self.cookies,
             'timeout': timeout or self.default_timeout,
             data_key: payload
         }

tests/test_transport.py

@@ -1,14 +1,25 @@
 import pytest
+import requests
 
 from gql import Client, gql
 from gql.transport.requests import RequestsHTTPTransport
 
 
 @pytest.fixture
 def client():
+    request = requests.get('http://swapi.graphene-python.org/graphql',
+                           headers={
+                               'Host': 'swapi.graphene-python.org',
+                               'Accept': 'text/html',
+                           })
+    request.raise_for_status()
+    csrf = request.cookies['csrftoken']
+
     return Client(
-      transport=RequestsHTTPTransport(url='http://swapi.graphene-python.org/graphql'),
-      fetch_schema_from_transport=True
+        transport=RequestsHTTPTransport(url='http://swapi.graphene-python.org/graphql',
+                                        cookies={"csrftoken": csrf},
+                                        headers={'x-csrftoken':  csrf}),
+        fetch_schema_from_transport=True
     )