From 070838bfa19b177f59ef3bd8f0139266adecda90 Mon Sep 17 00:00:00 2001
From: Simon Willison <swillison@gmail.com>
Date: Sat, 6 Jun 2020 12:26:19 -0700
Subject: [PATCH] Better test for Vary header

---
 tests/fixtures.py          | 2 --
 tests/test_canned_write.py | 6 ++++++
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/tests/fixtures.py b/tests/fixtures.py
index 4ca7b10f..2268ef4d 100644
--- a/tests/fixtures.py
+++ b/tests/fixtures.py
@@ -132,8 +132,6 @@ class TestClient:
             if csrftoken_from is True:
                 csrftoken_from = path
             token_response = await self._request(csrftoken_from)
-            # Check this had a Vary: Cookie header
-            assert "Cookie" == token_response.headers["vary"]
             csrftoken = token_response.cookies["ds_csrftoken"]
             cookies["ds_csrftoken"] = csrftoken
             post_data["csrftoken"] = csrftoken
diff --git a/tests/test_canned_write.py b/tests/test_canned_write.py
index 5b5756b0..aacc586f 100644
--- a/tests/test_canned_write.py
+++ b/tests/test_canned_write.py
@@ -100,6 +100,12 @@ def test_custom_params(canned_write_client):
     assert '<input type="text" id="qp3" name="extra" value="foo">' in response.text
 
 
+def test_vary_header(canned_write_client):
+    # These forms embed a csrftoken so they should be served with Vary: Cookie
+    assert "vary" not in canned_write_client.get("/data").headers
+    assert "Cookie" == canned_write_client.get("/data/update_name").headers["vary"]
+
+
 def test_canned_query_permissions_on_database_page(canned_write_client):
     # Without auth only shows three queries
     query_names = [