diff options
Diffstat (limited to 'tests/settings_tests/tests.py')
-rw-r--r-- | tests/settings_tests/tests.py | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/tests/settings_tests/tests.py b/tests/settings_tests/tests.py index 1b095533b1..f9ea7700bb 100644 --- a/tests/settings_tests/tests.py +++ b/tests/settings_tests/tests.py @@ -425,6 +425,26 @@ class SecureProxySslHeaderTest(SimpleTestCase): self.assertIs(req.is_secure(), True) @override_settings(SECURE_PROXY_SSL_HEADER=("HTTP_X_FORWARDED_PROTO", "https")) + def test_set_with_xheader_leftmost_right(self): + req = HttpRequest() + req.META["HTTP_X_FORWARDED_PROTO"] = "https, http" + self.assertIs(req.is_secure(), True) + req.META["HTTP_X_FORWARDED_PROTO"] = "https , http" + self.assertIs(req.is_secure(), True) + + @override_settings(SECURE_PROXY_SSL_HEADER=("HTTP_X_FORWARDED_PROTO", "https")) + def test_set_with_xheader_leftmost_not_secure(self): + req = HttpRequest() + req.META["HTTP_X_FORWARDED_PROTO"] = "http, https" + self.assertIs(req.is_secure(), False) + + @override_settings(SECURE_PROXY_SSL_HEADER=("HTTP_X_FORWARDED_PROTO", "https")) + def test_set_with_xheader_multiple_not_secure(self): + req = HttpRequest() + req.META["HTTP_X_FORWARDED_PROTO"] = "http ,wrongvalue,http,http" + self.assertIs(req.is_secure(), False) + + @override_settings(SECURE_PROXY_SSL_HEADER=("HTTP_X_FORWARDED_PROTO", "https")) def test_xheader_preferred_to_underlying_request(self): class ProxyRequest(HttpRequest): def _get_scheme(self): |