def test_process_view_replace_https_referer(self): post_middleware = CorsPostCsrfMiddleware() request = Mock(path='/') request.method = 'GET' request.is_secure = lambda: True request.META = { 'HTTP_REFERER': 'https://foo.google.com/', 'HTTP_HOST': 'foobar.com', 'HTTP_ORIGIN': 'https://foo.google.com', } with settings_override(CORS_URLS_REGEX='^.*$', CORS_ORIGIN_REGEX_WHITELIST='.*google.*', CORS_REPLACE_HTTPS_REFERER=True): response = self.middleware.process_view(request, None, None, None) self.assertIsNone(response) self.assertEquals(request.META['ORIGINAL_HTTP_REFERER'], 'https://foo.google.com/') self.assertEquals(request.META['HTTP_REFERER'], 'https://foobar.com/') with settings_override(CORS_URLS_REGEX='^.*$', CORS_REPLACE_HTTPS_REFERER=True): post_middleware.process_view(request, None, None, None) self.assertTrue('ORIGINAL_HTTP_REFERER' not in request.META) self.assertEquals(request.META['HTTP_REFERER'], 'https://foo.google.com/') with settings_override(CORS_URLS_REGEX='^.*$', CORS_REPLACE_HTTPS_REFERER=True): response = post_middleware.process_view(request, None, None, None) self.assertIsNone(response)
def test_process_view_replace_https_referer(self): post_middleware = CorsPostCsrfMiddleware() request = self.req_factory.get( '/', HTTP_FAKE_SECURE='true', HTTP_HOST='foobar.com', HTTP_ORIGIN='https://foo.google.com', HTTP_REFERER='https://foo.google.com/', ) response = self.middleware.process_view(request, None, None, None) assert response is None assert request.META['ORIGINAL_HTTP_REFERER'] == 'https://foo.google.com/' assert request.META['HTTP_REFERER'] == 'https://foobar.com/' post_middleware.process_view(request, None, None, None) assert 'ORIGINAL_HTTP_REFERER' not in request.META assert request.META['HTTP_REFERER'] == 'https://foo.google.com/' response = post_middleware.process_view(request, None, None, None) assert response is None
def test_process_view_replace_https_referer(self): post_middleware = CorsPostCsrfMiddleware() request = Mock(path='/') request.method = 'GET' request.is_secure = lambda: True request.META = { 'HTTP_REFERER': 'https://foo.google.com/', 'HTTP_HOST': 'foobar.com', 'HTTP_ORIGIN': 'https://foo.google.com', } response = self.middleware.process_view(request, None, None, None) assert response is None assert request.META[ 'ORIGINAL_HTTP_REFERER'] == 'https://foo.google.com/' assert request.META['HTTP_REFERER'] == 'https://foobar.com/' post_middleware.process_view(request, None, None, None) assert 'ORIGINAL_HTTP_REFERER' not in request.META assert request.META['HTTP_REFERER'] == 'https://foo.google.com/' response = post_middleware.process_view(request, None, None, None) assert response is None