def test_cache_override(self):
"""
Check each part of the cache-control instruction can be overridden
individually, or nullified
"""
with create_test_app().test_client() as client:
# all 3 values are overriden, and "public" is added
all_response = client.get("cache/all")
all_cache = all_response.headers.get("Cache-Control")
self.assertIn("public", all_cache)
self.assertIn("max-age=4321", all_cache)
self.assertIn("stale-while-revalidate=4321", all_cache)
self.assertIn("stale-if-error=4321", all_cache)
# all values are nullified, leading no cache-control header
none_response = client.get("cache/none")
none_cache = none_response.headers.get("Cache-Control")
self.assertIsNone(none_cache)
# only max-age is overridden, so the "stale" instructions remain
max_age_response = client.get("cache/max-age")
max_age_cache = max_age_response.headers.get("Cache-Control")
self.assertNotIn("public", max_age_cache)
self.assertIn("max-age=4321", max_age_cache)
self.assertIn("stale-while-revalidate=86400", max_age_cache)
self.assertIn("stale-if-error=300", max_age_cache)
# only "stale-while-revalidate" is overridden
stale_response = client.get("cache/stale")
stale_cache = stale_response.headers.get("Cache-Control")
self.assertNotIn("public", stale_cache)
self.assertIn("max-age=60", stale_cache)
self.assertIn("stale-while-revalidate=4321", stale_cache)
self.assertIn("stale-if-error=300", stale_cache)
def test_security_headers(self):
with create_test_app().test_client() as client:
response = client.get("page")
self.assertEqual(
response.headers.get("X-Frame-Options"),
"SAMEORIGIN",
)
def test_status_endpoints(self):
with create_test_app().test_client() as client:
os.environ["TALISKER_REVISION_ID"] = "a-build-id"
response = client.get("_status/check")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.decode(), "a-build-id")
self.assertEqual(response.headers.get("Cache-Control"), "no-store")
def test_cache_does_not_overide(self):
with create_test_app().test_client() as client:
cached_response = client.get("cache")
self.assertEqual(
cached_response.headers.get("Cache-Control"),
"public, max-age=1000",
)
def test_default_cache_headers(self):
with create_test_app().test_client() as client:
cached_response = client.get("page")
self.assertEqual(
cached_response.headers.get("Cache-Control"),
"public, max-age=300, stale-while-revalidate=360",
)
def test_static_files(self):
flask_app = create_test_app()
with flask_app.test_client() as client:
# Check basic serving of static files works
# status is 200, contents matches and cache is as expected
plain_response = client.get("static/test.json")
plain_cache = plain_response.headers.get("Cache-Control")
self.assertEqual(plain_response.status_code, 200)
self.assertEqual(plain_response.json["fish"], "chips")
self.assertIn("public", plain_cache)
max_age = flask_app.config["SEND_FILE_MAX_AGE_DEFAULT"]
if max_age:
self.assertIn(f"max-age={max_age.seconds}", plain_cache)
else:
self.assertIn("max-age=60", plain_cache)
# Check hashed content is served with a year-long cache
hash_response = client.get("static/test.json?v=527d233")
hash_cache = hash_response.headers.get("Cache-Control")
self.assertEqual(hash_response.status_code, 200)
self.assertEqual(hash_response.json["fish"], "chips")
self.assertIn("public", hash_cache)
self.assertIn("max-age=31536000", hash_cache)
# Check when hash doesn't match, we get a 404
not_found_response = client.get("static/test.json?v=527d234")
self.assertEqual(not_found_response.status_code, 404)
def test_default_cache_headers(self):
with create_test_app().test_client() as client:
cached_response = client.get("page")
cache = cached_response.headers.get("Cache-Control")
self.assertNotIn("public", cache)
self.assertIn("max-age=60", cache)
self.assertIn("stale-while-revalidate=86400", cache)
self.assertIn("stale-if-error=300", cache)
def test_favicon_serve(self):
"""
If `favicon_url` is provided, check requests to `/favicon.ico`
receive a redirect
"""
local_app = create_test_app()
with local_app.test_client() as client:
response = client.get("/favicon.ico")
self.assertEqual(200, response.status_code)
def test_clear_trailing_slash(self):
with create_test_app().test_client() as client:
response = client.get("/")
self.assertEqual(200, response.status_code)
response = client.get("/page")
self.assertEqual(200, response.status_code)
response = client.get("/page/")
self.assertEqual(302, response.status_code)
self.assertEqual("http://localhost/page",
response.headers.get("Location"))
def test_error_pages(self):
"""
If "404.html" and "500.html" are provided as templates,
check we get the response from those templates when we get an error
"""
with create_test_app().test_client() as client:
response = client.get("non-existent-page")
self.assertEqual(404, response.status_code)
self.assertEqual(response.data, b"error 404")
response = client.get("error")
self.assertEqual(500, response.status_code)
self.assertEqual(response.data, b"error 500")
def test_robots_humans(self):
"""
If `robots.txt` and `humans.txt` are provided at the root of the
project, check requests to `/robots.txt` load the content
"""
with create_test_app().test_client() as client:
warnings.simplefilter("ignore", ResourceWarning)
robots_response = client.get("robots.txt")
humans_response = client.get("humans.txt")
self.assertEqual(200, robots_response.status_code)
self.assertEqual(200, humans_response.status_code)
self.assertEqual(robots_response.data, b"robots!")
self.assertEqual(humans_response.data, b"humans!")
def test_text_files(self):
"""
If `robots.txt`, `humans.txt`, `security.txt` are provided at the root
of the project, check requests to `/robots.txt` load the content
"""
with create_test_app().test_client() as client:
warnings.simplefilter("ignore", ResourceWarning)
robots_response = client.get("robots.txt")
humans_response = client.get("humans.txt")
security_response = client.get("/.well-known/security.txt")
self.assertEqual(200, robots_response.status_code)
self.assertEqual(200, humans_response.status_code)
self.assertEqual(200, security_response.status_code)
self.assertEqual(robots_response.data, b"robots!")
self.assertEqual(humans_response.data, b"humans!")
self.assertEqual(security_response.data,
b"security is very important!")
def test_redirects_deleted(self):
"""
Check test_app/{redirects,permanent-redirects,deleted}.yaml
are processed correctly
"""
with create_test_app().test_client() as client:
redirect_response = client.get("redirect")
self.assertEqual(302, redirect_response.status_code)
self.assertEqual(
redirect_response.headers.get("Location"),
"https://httpbin.org/",
)
permanent_response = client.get("permanent-redirect")
self.assertEqual(301, permanent_response.status_code)
self.assertEqual(
permanent_response.headers.get("Location"),
"https://example.com/",
)
deleted_response = client.get("deleted")
self.assertEqual(410, deleted_response.status_code)
self.assertEqual(deleted_response.data, b"Deleted")
def test_vary_cookie_when_session(self):
with create_test_app().test_client() as client:
cached_response_with_session = client.get("auth")
self.assertEqual(
cached_response_with_session.headers.get("Vary"), "Cookie"
)
def test_redirects_have_no_cache_headers(self):
with create_test_app().test_client() as client:
soft_redirect = client.get("soft-redirect")
hard_redirect = client.get("hard-redirect")
self.assertTrue("Cache-Control" not in soft_redirect.headers)
self.assertTrue("Cache-Control" not in hard_redirect.headers)
def test_status_endpoints(self):
with create_test_app().test_client() as client:
response = client.get("_status/check")
self.assertEqual(response.status_code, 200)
self.assertEqual(response.data.decode(), "OK")
self.assertEqual(response.headers.get("Cache-Control"), "no-store")
