Пример #1
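    def test_header_invalid(self):
        """An unrecognised X-Frame-Options value is reported as invalid and fails.

        Two values are checked: an arbitrary token, and a comma-joined value
        standing in for a response that carries the header more than once.
        """
        invalid_values = (
            'whimsy',
            # common to see this header sent multiple times; the check is
            # expected to reject the joined value rather than read it as a
            # valid SAMEORIGIN policy
            'SAMEORIGIN, SAMEORIGIN',
        )

        for value in invalid_values:
            self.reqs['responses']['auto'].headers['X-Frame-Options'] = value

            result = x_frame_options(self.reqs)

            # assertEqual, not assertEquals: the alias is deprecated and was
            # removed from unittest in Python 3.12
            self.assertEqual('x-frame-options-header-invalid', result['result'], msg=value)
            self.assertFalse(result['pass'], msg=value)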
Пример #2
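    def test_header_invalid(self):
        """An unrecognised X-Frame-Options value is reported as invalid and fails.

        Two values are checked: an arbitrary token, and a comma-joined value
        standing in for a response that carries the header more than once.
        """
        invalid_values = (
            'whimsy',
            # common to see this header sent multiple times; the check is
            # expected to reject the joined value rather than read it as a
            # valid SAMEORIGIN policy
            'SAMEORIGIN, SAMEORIGIN',
        )

        for value in invalid_values:
            self.reqs['responses']['auto'].headers['X-Frame-Options'] = value

            result = x_frame_options(self.reqs)

            # assertEqual, not assertEquals: the alias is deprecated and was
            # removed from unittest in Python 3.12
            self.assertEqual('x-frame-options-header-invalid', result['result'], msg=value)
            self.assertFalse(result['pass'], msg=value)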
Пример #3
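    def test_deny(self):
        """X-Frame-Options: DENY is reported as sameorigin-or-deny and passes."""
        self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'DENY'

        result = x_frame_options(self.reqs)

        # assertEqual, not assertEquals: the alias is deprecated and was
        # removed from unittest in Python 3.12
        self.assertEqual('x-frame-options-sameorigin-or-deny', result['result'])
        self.assertTrue(result['pass'])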
Пример #4
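    def test_allow_from_origin(self):
        """X-Frame-Options: ALLOW-FROM <origin> is reported as allow-from-origin and passes."""
        # NOTE(review): ALLOW-FROM is obsolete and current browsers ignore the
        # directive, so this pass describes the scanner's verdict only; CSP
        # frame-ancestors is the supported way to allow specific origins.
        self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'ALLOW-FROM https://mozilla.org'

        result = x_frame_options(self.reqs)

        # assertEqual, not assertEquals: the alias is deprecated and was
        # removed from unittest in Python 3.12
        self.assertEqual('x-frame-options-allow-from-origin', result['result'])
        self.assertTrue(result['pass'])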
Пример #5
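    def test_allow_from_origin(self):
        """X-Frame-Options: ALLOW-FROM <origin> is reported as allow-from-origin and passes."""
        # NOTE(review): ALLOW-FROM is obsolete and current browsers ignore the
        # directive, so this pass describes the scanner's verdict only; CSP
        # frame-ancestors is the supported way to allow specific origins.
        self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'ALLOW-FROM https://mozilla.org'

        result = x_frame_options(self.reqs)

        # assertEqual, not assertEquals: the alias is deprecated and was
        # removed from unittest in Python 3.12
        self.assertEqual('x-frame-options-allow-from-origin', result['result'])
        self.assertTrue(result['pass'])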
Пример #6
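    def test_deny(self):
        """X-Frame-Options: DENY is reported as sameorigin-or-deny and passes."""
        self.reqs['responses']['auto'].headers['X-Frame-Options'] = 'DENY'

        result = x_frame_options(self.reqs)

        # assertEqual, not assertEquals: the alias is deprecated and was
        # removed from unittest in Python 3.12
        self.assertEqual('x-frame-options-sameorigin-or-deny', result['result'])
        self.assertTrue(result['pass'])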
Пример #7
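    def test_enabled_via_csp(self):
        """A CSP frame-ancestors directive is reported as implemented-via-csp and passes.

        X-Frame-Options is set as well; the expected result code is the CSP
        one, not the sameorigin-or-deny code that DENY alone produces.
        """
        headers = self.reqs['responses']['auto'].headers
        headers['X-Frame-Options'] = 'DENY'
        # Browsers that support frame-ancestors enforce it in preference to
        # X-Frame-Options, so the CSP origin list is the effective policy here.
        headers['Content-Security-Policy'] = 'frame-ancestors https://mozilla.org'

        result = x_frame_options(self.reqs)

        # assertEqual, not assertEquals: the alias is deprecated and was
        # removed from unittest in Python 3.12
        self.assertEqual('x-frame-options-implemented-via-csp', result['result'])
        self.assertTrue(result['pass'])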
Пример #8
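    def test_enabled_via_csp(self):
        """A CSP frame-ancestors directive is reported as implemented-via-csp and passes.

        X-Frame-Options is set as well; the expected result code is the CSP
        one, not the sameorigin-or-deny code that DENY alone produces.
        """
        headers = self.reqs['responses']['auto'].headers
        headers['X-Frame-Options'] = 'DENY'
        # Browsers that support frame-ancestors enforce it in preference to
        # X-Frame-Options, so the CSP origin list is the effective policy here.
        headers['Content-Security-Policy'] = 'frame-ancestors https://mozilla.org'

        result = x_frame_options(self.reqs)

        # assertEqual, not assertEquals: the alias is deprecated and was
        # removed from unittest in Python 3.12
        self.assertEqual('x-frame-options-implemented-via-csp', result['result'])
        self.assertTrue(result['pass'])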
Пример #9
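    def test_missing(self):
        """With no framing header set by the test, the check reports not-implemented and fails."""
        # assumes the self.reqs fixture carries neither X-Frame-Options nor a
        # CSP frame-ancestors directive by default; it is built outside this
        # method, so confirm against the fixture setup
        result = x_frame_options(self.reqs)

        # assertEqual, not assertEquals: the alias is deprecated and was
        # removed from unittest in Python 3.12
        self.assertEqual('x-frame-options-not-implemented', result['result'])
        self.assertFalse(result['pass'])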
Пример #10
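    def test_missing(self):
        """With no framing header set by the test, the check reports not-implemented and fails."""
        # assumes the self.reqs fixture carries neither X-Frame-Options nor a
        # CSP frame-ancestors directive by default; it is built outside this
        # method, so confirm against the fixture setup
        result = x_frame_options(self.reqs)

        # assertEqual, not assertEquals: the alias is deprecated and was
        # removed from unittest in Python 3.12
        self.assertEqual('x-frame-options-not-implemented', result['result'])
        self.assertFalse(result['pass'])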