Ejemplo n.º 1
0
# pylint: disable=protected-access

import pytest
from csp.middleware import CSPMiddleware
from csp_admin.middleware import DjangoCSPAdminMiddleware
from csp_admin.models import CSPDirective, CSPDirectiveValue
from django.http import HttpResponse
from django.test import RequestFactory

csp_mw = CSPMiddleware()
mw = DjangoCSPAdminMiddleware()
rf = RequestFactory()


@pytest.mark.django_db
def test_no_header():
    request = rf.get('/')
    response = HttpResponse()
    mw.process_response(request, response)
    csp_mw.process_response(request, response)
    assert 'content-security-policy' in response._headers
    assert response._headers['content-security-policy'] == (
        'Content-Security-Policy', '')


@pytest.mark.django_db
def test_default_src():
    d = CSPDirective.objects.create(name='default-src', enabled=True)
    CSPDirectiveValue.objects.create(directive=d, value="'self'")
    request = rf.get('/')
    response = HttpResponse()
Ejemplo n.º 2
0
from django.http import (
    HttpResponse,
    HttpResponseServerError,
    HttpResponseNotFound,
)
from django.test import RequestFactory
from django.test.utils import override_settings

from csp.middleware import CSPMiddleware
from csp.tests.utils import response

HEADER = 'Content-Security-Policy'
mw = CSPMiddleware(response())
rf = RequestFactory()


def test_add_header():
    request = rf.get('/')
    response = HttpResponse()
    mw.process_response(request, response)
    assert HEADER in response


def test_exempt():
    request = rf.get('/')
    response = HttpResponse()
    response._csp_exempt = True
    mw.process_response(request, response)
    assert HEADER not in response