def add_csp_header(self, request, response, header, base, can_call, is_str, attrs):
if header in response:
return
if is_str:
response[header] = base
return
csp = call_csp_dict(base, request, response) if can_call else base
for attr in attrs:
update = getattr(response, attr, None)
if update is not None:
if update.pop('override', False):
csp = update
else:
csp = merge_csp_dict(csp, update)
break
if not csp:
return
try:
policy = CSPCompiler(csp).compile()
except InvalidCSPError:
log.exception('Invalid CSP on page: %s', request.get_full_path())
return
response[header] = policy
def test_tuple_override(self):
self.assertEqual(merge_csp_dict({'spam': (1, )}, {'spam': (2, )}),
{'spam': (1, 2)})
def test_set_override(self):
orig = {1}
self.assertEqual(merge_csp_dict({'spam': orig}, {'spam': [2]}),
{'spam': {1, 2}})
self.assertEqual(orig, {1})
def test_list_override(self):
orig = [1]
self.assertEqual(merge_csp_dict({'spam': orig}, {'spam': [2]}),
{'spam': [1, 2]})
self.assertEqual(orig, [1])
def test_scalar_override(self):
self.assertEqual(merge_csp_dict({'spam': 1}, {'spam': 2}), {'spam': 2})
def test_distinct_key(self):
self.assertEqual(merge_csp_dict({'spam': 1}, {'ham': 2}), {
'spam': 1,
'ham': 2
})
def test_null(self):
test = {'key': 'value'}
self.assertEqual(merge_csp_dict(test, {}), test)