cors fixes

openapi_first/templates/crud_app/test_crud_app.py

@@ -34,6 +34,14 @@ client = OpenAPIClient(
     client=client,
 )
 
+# Bootstrap CSRF token via a safe GET request
+_ = client.list_items()
+_CSRF_TOKEN = client.client.cookies.get("csrftoken")
+
+
+def _csrf_headers() -> dict:
+    return {"X-CSRFToken": _CSRF_TOKEN} if _CSRF_TOKEN else {}
+
 
 def test_list_items_initial():
     """Initial items should be present."""
@@ -70,7 +78,8 @@ def test_create_item():
     }
 
     response = client.create_item(
-        body=payload
+        body=payload,
+        headers=_csrf_headers(),
     )
     assert response.status_code == 201
 
@@ -95,6 +104,7 @@ def test_update_item():
     response = client.update_item(
         path_params={"item_id": 1},
         body=payload,
+        headers=_csrf_headers(),
     )
     assert response.status_code == 200
 
@@ -115,7 +125,8 @@ def test_update_item():
 def test_delete_item():
     """Deleting an item should remove it from the store."""
     response = client.delete_item(
-        path_params={"item_id": 2}
+        path_params={"item_id": 2},
+        headers=_csrf_headers(),
     )
     assert response.status_code == 204