예제 #1
0
    def test_exempt_decorator(self):
        """
        Ensures @xframe_options_exempt properly instructs the
        XFrameOptionsMiddleware to NOT set the header.
        """
        @xframe_options_exempt
        def a_view(request):
            return HttpResponse()
        req = HttpRequest()
        resp = a_view(req)
        self.assertEqual(resp.get('X-Frame-Options', None), None)
        self.assertTrue(resp.xframe_options_exempt)

        # Since the real purpose of the exempt decorator is to suppress
        # the middleware's functionality, let's make sure it actually works...
        r = XFrameOptionsMiddleware().process_response(req, resp)
        self.assertEqual(r.get('X-Frame-Options', None), None)
예제 #2
0
    def test_response_exempt(self):
        """
        Tests that if the response has a xframe_options_exempt attribute set
        to False then it still sets the header, but if it's set to True then
        it does not.
        """
        settings.X_FRAME_OPTIONS = 'SAMEORIGIN'
        response = HttpResponse()
        response.xframe_options_exempt = False
        r = XFrameOptionsMiddleware().process_response(HttpRequest(),
                                                       response)
        self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')

        response = HttpResponse()
        response.xframe_options_exempt = True
        r = XFrameOptionsMiddleware().process_response(HttpRequest(),
                                                       response)
        self.assertEqual(r.get('X-Frame-Options', None), None)