def test_header_invalid(self):
self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'whimsy'
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-header-invalid', result['result'])
self.assertFalse(result['pass'])
# common to see this header sent multiple times
self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'SAMEORIGIN, SAMEORIGIN'
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-header-invalid', result['result'])
self.assertFalse(result['pass'])
def test_header_invalid(self):
self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'whimsy'
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-header-invalid', result['result'])
self.assertFalse(result['pass'])
# common to see this header sent multiple times
self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'SAMEORIGIN, SAMEORIGIN'
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-header-invalid', result['result'])
self.assertFalse(result['pass'])
def test_deny(self):
self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'DENY'
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-sameorigin-or-deny', result['result'])
self.assertTrue(result['pass'])
def test_allow_from_origin(self):
self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'ALLOW-FROM https://mozilla.org'
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-allow-from-origin', result['result'])
self.assertTrue(result['pass'])
def test_allow_from_origin(self):
self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'ALLOW-FROM https://mozilla.org'
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-allow-from-origin', result['result'])
self.assertTrue(result['pass'])
def test_deny(self):
self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'DENY'
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-sameorigin-or-deny', result['result'])
self.assertTrue(result['pass'])
def test_enabled_via_csp(self):
self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'DENY'
self.reqs['responses']['auto'].headers['Content-Security-Policy'] = 'frame-ancestors https://mozilla.org'
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-implemented-via-csp', result['result'])
self.assertTrue(result['pass'])
def test_enabled_via_csp(self):
self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'DENY'
self.reqs['responses']['auto'].headers['Content-Security-Policy'] = 'frame-ancestors https://mozilla.org'
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-implemented-via-csp', result['result'])
self.assertTrue(result['pass'])
def test_missing(self):
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-not-implemented', result['result'])
self.assertFalse(result['pass'])
def test_missing(self):
result = x_frame_options(self.reqs)
self.assertEquals('x-frame-options-not-implemented', result['result'])
self.assertFalse(result['pass'])
