mirror of
https://github.com/django/django.git
synced 2024-12-23 01:25:58 +00:00
Refs #16859 -- Disabled CSRF_COOKIE_* checks when using CSRF_USE_SESSIONS.
parent
2f44fa7f06
commit
33e86b3488
@ -43,6 +43,7 @@ def check_csrf_middleware(app_configs, **kwargs):
|
||||
@register(Tags.security, deploy=True)
|
||||
def check_csrf_cookie_secure(app_configs, **kwargs):
|
||||
passed_check = (
|
||||
settings.CSRF_USE_SESSIONS or
|
||||
not _csrf_middleware() or
|
||||
settings.CSRF_COOKIE_SECURE
|
||||
)
|
||||
@ -52,6 +53,7 @@ def check_csrf_cookie_secure(app_configs, **kwargs):
|
||||
@register(Tags.security, deploy=True)
|
||||
def check_csrf_cookie_httponly(app_configs, **kwargs):
|
||||
passed_check = (
|
||||
settings.CSRF_USE_SESSIONS or
|
||||
not _csrf_middleware() or
|
||||
settings.CSRF_COOKIE_HTTPONLY
|
||||
)
|
||||
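Review bot: The new `settings.CSRF_USE_SESSIONS or` term in check_csrf_cookie_secure, and the identical one in check_csrf_cookie_httponly, carries no comment saying why the deploy warning can be skipped. With CSRF_USE_SESSIONS the token is stored in the session and no CSRF cookie is set, so protection of the token in transit and against script access then depends on SESSION_COOKIE_SECURE and SESSION_COOKIE_HTTPONLY. I would state that next to the condition, e.g. `# Token is stored in the session; cookie hardening is covered by the SESSION_COOKIE_* checks.` The session checks are not visible here, so it is worth confirming that they fire for every configuration in which CSRF_USE_SESSIONS is True. Both function bodies continue outside the hunks.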
|
@ -166,6 +166,17 @@ class CheckCSRFCookieSecureTest(SimpleTestCase):
|
||||
"""
|
||||
self.assertEqual(self.func(None), [csrf.W016])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
|
||||
CSRF_USE_SESSIONS=True,
|
||||
CSRF_COOKIE_SECURE=False)
|
||||
def test_use_sessions_with_csrf_cookie_secure_false(self):
|
||||
"""
|
||||
No warning if CSRF_COOKIE_SECURE isn't True while CSRF_USE_SESSIONS
|
||||
is True.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(MIDDLEWARE=[], MIDDLEWARE_CLASSES=[], CSRF_COOKIE_SECURE=False)
|
||||
def test_with_csrf_cookie_secure_false_no_middleware(self):
|
||||
"""
|
||||
@ -197,6 +208,17 @@ class CheckCSRFCookieHttpOnlyTest(SimpleTestCase):
|
||||
"""
|
||||
self.assertEqual(self.func(None), [csrf.W017])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
|
||||
CSRF_USE_SESSIONS=True,
|
||||
CSRF_COOKIE_HTTPONLY=False)
|
||||
def test_use_sessions_with_csrf_cookie_httponly_false(self):
|
||||
"""
|
||||
No warning if CSRF_COOKIE_HTTPONLY isn't True while CSRF_USE_SESSIONS
|
||||
is True.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(MIDDLEWARE=[], MIDDLEWARE_CLASSES=[], CSRF_COOKIE_HTTPONLY=False)
|
||||
def test_with_csrf_cookie_httponly_false_no_middleware(self):
|
||||
"""
|
||||
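Review bot: test_use_sessions_with_csrf_cookie_secure_false and test_use_sessions_with_csrf_cookie_httponly_false only assert an empty list, which would also pass if the check returned early for an unrelated reason. The neighbouring tests that expect `[csrf.W016]` and `[csrf.W017]` appear to rely on the default value of CSRF_USE_SESSIONS, although their decorators are outside these hunks. Adding `CSRF_USE_SESSIONS=False` to those `override_settings` calls would pin both sides of the new condition, so that the warning is shown to depend on that setting alone. The docstring of the following test in each class continues outside the hunk.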
|