# pylint: disable=protected-access import pytest from csp.middleware import CSPMiddleware from csp_admin.middleware import DjangoCSPAdminMiddleware from csp_admin.models import CSPDirective, CSPDirectiveValue from django.http import HttpResponse from django.test import RequestFactory csp_mw = CSPMiddleware() mw = DjangoCSPAdminMiddleware() rf = RequestFactory() @pytest.mark.django_db def test_no_header(): request = rf.get('/') response = HttpResponse() mw.process_response(request, response) csp_mw.process_response(request, response) assert 'content-security-policy' in response._headers assert response._headers['content-security-policy'] == ( 'Content-Security-Policy', '') @pytest.mark.django_db def test_default_src(): d = CSPDirective.objects.create(name='default-src', enabled=True) CSPDirectiveValue.objects.create(directive=d, value="'self'") request = rf.get('/') response = HttpResponse()
from django.http import ( HttpResponse, HttpResponseServerError, HttpResponseNotFound, ) from django.test import RequestFactory from django.test.utils import override_settings from csp.middleware import CSPMiddleware from csp.tests.utils import response HEADER = 'Content-Security-Policy' mw = CSPMiddleware(response()) rf = RequestFactory() def test_add_header(): request = rf.get('/') response = HttpResponse() mw.process_response(request, response) assert HEADER in response def test_exempt(): request = rf.get('/') response = HttpResponse() response._csp_exempt = True mw.process_response(request, response) assert HEADER not in response