diff options
author | Nick Pope <nick.pope@flightdataservices.com> | 2019-03-21 21:33:41 +0000 |
---|---|---|
committer | Carlton Gibson <carlton.gibson@noumenal.es> | 2019-09-09 13:35:41 +0200 |
commit | 406dba04e1482a308cad74e3d06c050c76ba2d16 (patch) | |
tree | d5ec1f049f18481b620d993938d21de83d547673 /tests/middleware | |
parent | 1edbb6c19405a629200ba3683968f3dba2744e7e (diff) | |
download | django-406dba04e1482a308cad74e3d06c050c76ba2d16.tar.gz |
Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
Diffstat (limited to 'tests/middleware')
-rw-r--r-- | tests/middleware/test_security.py | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/tests/middleware/test_security.py b/tests/middleware/test_security.py index 86153f19ee..07b72fc73a 100644 --- a/tests/middleware/test_security.py +++ b/tests/middleware/test_security.py @@ -222,3 +222,36 @@ class SecurityMiddlewareTest(SimpleTestCase): """ ret = self.process_request("get", "/some/url") self.assertIsNone(ret) + + @override_settings(SECURE_REFERRER_POLICY=None) + def test_referrer_policy_off(self): + """ + With SECURE_REFERRER_POLICY set to None, the middleware does not add a + "Referrer-Policy" header to the response. + """ + self.assertNotIn('Referrer-Policy', self.process_response()) + + def test_referrer_policy_on(self): + """ + With SECURE_REFERRER_POLICY set to a valid value, the middleware adds a + "Referrer-Policy" header to the response. + """ + tests = ( + ('strict-origin', 'strict-origin'), + ('strict-origin,origin', 'strict-origin,origin'), + ('strict-origin, origin', 'strict-origin,origin'), + (['strict-origin', 'origin'], 'strict-origin,origin'), + (('strict-origin', 'origin'), 'strict-origin,origin'), + ) + for value, expected in tests: + with self.subTest(value=value), override_settings(SECURE_REFERRER_POLICY=value): + self.assertEqual(self.process_response()['Referrer-Policy'], expected) + + @override_settings(SECURE_REFERRER_POLICY='strict-origin') + def test_referrer_policy_already_present(self): + """ + The middleware will not override a "Referrer-Policy" header already + present in the response. + """ + response = self.process_response(headers={'Referrer-Policy': 'unsafe-url'}) + self.assertEqual(response['Referrer-Policy'], 'unsafe-url') |