def test_response_exempt(self): """ Tests that if the response has a xframe_options_exempt attribute set to False then it still sets the header, but if it's set to True then it does not. """ settings.X_FRAME_OPTIONS = 'SAMEORIGIN' response = HttpResponse() response.xframe_options_exempt = False r = XFrameOptionsMiddleware().process_response(HttpRequest(), response) self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') response = HttpResponse() response.xframe_options_exempt = True r = XFrameOptionsMiddleware().process_response(HttpRequest(), response) self.assertEqual(r.get('X-Frame-Options', None), None)