Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.

author: Claude Paroz <claude@2xlibre.net> 2019-09-07 09:52:10 +0200
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2019-09-09 08:15:26 +0200
commit: 05d0eca635853564c57e639ac5590674a7de2ed6 (patch)
tree: b1c129224e58ed5cda1a2aad142b06be96c4d144 /tests/middleware
parent: 5495ea3ae0a64f61ae15f44970ea91ed7ce17a38 (diff)
download: django-05d0eca635853564c57e639ac5590674a7de2ed6.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/tests/middleware/tests.py b/tests/middleware/tests.py
index 971fe0a74a..def313c5f7 100644
--- a/tests/middleware/tests.py
+++ b/tests/middleware/tests.py
@@ -621,12 +621,12 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase):
     def test_defaults_sameorigin(self):
         """
         If the X_FRAME_OPTIONS setting is not set then it defaults to
-        SAMEORIGIN.
+        DENY.
         """
         with override_settings(X_FRAME_OPTIONS=None):
             del settings.X_FRAME_OPTIONS    # restored by override_settings
             r = XFrameOptionsMiddleware().process_response(HttpRequest(), HttpResponse())
-            self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
+            self.assertEqual(r['X-Frame-Options'], 'DENY')
 
     def test_dont_set_if_set(self):
         """
author	Claude Paroz <claude@2xlibre.net>	2019-09-07 09:52:10 +0200
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2019-09-09 08:15:26 +0200
commit	05d0eca635853564c57e639ac5590674a7de2ed6 (patch)
tree	b1c129224e58ed5cda1a2aad142b06be96c4d144 /tests/middleware
parent	5495ea3ae0a64f61ae15f44970ea91ed7ce17a38 (diff)
download	django-05d0eca635853564c57e639ac5590674a7de2ed6.tar.gz