[5.1] [Proposal] Add WithoutCsrf trait for testing #9354
Conversation
|
👎 I think people should just unset the middleware. |
|
The problem is if your form processing does something with the session - then Laravel starts complaining of errors since you're not setting the session stuff in the middleware. So disabling middleware is not always an option - which is why I wrote this... |
I was meaning people just just remove a single middleware from the stack. |
|
Oh... ok - that makes sense? How do you do that? Perhaps we add an example of that to the test Docs? Then the solution is available for everyone who needs to disable CSRF for testing... if you want to post the code I'll do up the Doc PR - or you can do the Docs PR yourself if you have time. |
|
We don't seem to actually have a way of removing middlewares without you doing reflection on the router object. Maybe we need to add that? Another alternative could be for you to have a custom kernel class that you override the middleware on. I've seen people do that for testing packages before. |
|
Seems related to #9311 |
|
Maybe it would be better to have a helper to easily set the CSRF token rather than have methods to remove individual middleware? |
This allows you to disable just the CSRF middleware check on your tests, without having to disable all middleware.
It is just a stripped down version of
withoutMiddlewarethat already exists.This can be useful when testing form submissions which may require aspects of your middleware to be used - but without having to include a csrf token in each of your tests.
If this is accepted, I'll submit a PR for the Docs.