1
0
mirror of https://github.com/django/django.git synced 2025-10-23 21:59:11 +00:00

Fixed #32678 -- Removed SECURE_BROWSER_XSS_FILTER setting.

This commit is contained in:
Tim Graham
2021-04-23 08:59:35 -04:00
committed by Mariusz Felisiak
parent 8bcb00858e
commit 54da6e2ac2
8 changed files with 23 additions and 82 deletions

View File

@@ -175,34 +175,6 @@ class SecurityMiddlewareTest(SimpleTestCase):
"""
self.assertNotIn('X-Content-Type-Options', self.process_response().headers)
@override_settings(SECURE_BROWSER_XSS_FILTER=True)
def test_xss_filter_on(self):
"""
With SECURE_BROWSER_XSS_FILTER set to True, the middleware adds
"s-xss-protection: 1; mode=block" header to the response.
"""
self.assertEqual(
self.process_response().headers['X-XSS-Protection'],
'1; mode=block',
)
@override_settings(SECURE_BROWSER_XSS_FILTER=True)
def test_xss_filter_already_present(self):
"""
The middleware will not override an "X-XSS-Protection" header
already present in the response.
"""
response = self.process_response(secure=True, headers={"X-XSS-Protection": "foo"})
self.assertEqual(response.headers["X-XSS-Protection"], "foo")
@override_settings(SECURE_BROWSER_XSS_FILTER=False)
def test_xss_filter_off(self):
"""
With SECURE_BROWSER_XSS_FILTER set to False, the middleware does not
add an "X-XSS-Protection" header to the response.
"""
self.assertNotIn('X-XSS-Protection', self.process_response().headers)
@override_settings(SECURE_SSL_REDIRECT=True)
def test_ssl_redirect_on(self):
"""