Fixed #21495 -- Added settings.CSRF_HEADER_NAME

tests/csrf_tests/tests.py

@@ -189,6 +189,16 @@ class CsrfViewMiddlewareTest(TestCase):
         req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
         self.assertIsNone(req2)
 
+    @override_settings(CSRF_HEADER_NAME='HTTP_X_CSRFTOKEN_CUSTOMIZED')
+    def test_csrf_token_in_header_with_customized_name(self):
+        """
+        settings.CSRF_HEADER_NAME can be used to customize the CSRF header name
+        """
+        req = self._get_POST_csrf_cookie_request()
+        req.META['HTTP_X_CSRFTOKEN_CUSTOMIZED'] = self._csrf_id
+        req2 = CsrfViewMiddleware().process_view(req, post_form_view, (), {})
+        self.assertIsNone(req2)
+
     def test_put_and_delete_rejected(self):
         """
         Tests that HTTP PUT and DELETE methods have protection