mirror of
https://github.com/django/django.git
synced 2025-10-23 21:59:11 +00:00
Fixed #26601 -- Improved middleware per DEP 0005.
Thanks Tim Graham for polishing the patch, updating the tests, and writing documentation. Thanks Carl Meyer for shepherding the DEP.
This commit is contained in:
Florian Apolloner
committed by
Tim Graham
Tim Graham
parent
05c888ffb8
commit
9baf692a58
@@ -1,5 +1,6 @@
|
||||
from django.conf import settings
|
||||
from django.core.checks.security import base, csrf, sessions
|
||||
from django.core.checks.utils import patch_middleware_message
|
||||
from django.test import SimpleTestCase
|
||||
from django.test.utils import override_settings
|
||||
|
||||
@@ -13,7 +14,7 @@ class CheckSessionCookieSecureTest(SimpleTestCase):
|
||||
@override_settings(
|
||||
SESSION_COOKIE_SECURE=False,
|
||||
INSTALLED_APPS=["django.contrib.sessions"],
|
||||
MIDDLEWARE_CLASSES=[])
|
||||
MIDDLEWARE=[])
|
||||
def test_session_cookie_secure_with_installed_app(self):
|
||||
"""
|
||||
Warn if SESSION_COOKIE_SECURE is off and "django.contrib.sessions" is
|
||||
@@ -21,22 +22,38 @@ class CheckSessionCookieSecureTest(SimpleTestCase):
|
||||
"""
|
||||
self.assertEqual(self.func(None), [sessions.W010])
|
||||
|
||||
@override_settings(
|
||||
SESSION_COOKIE_SECURE=False,
|
||||
INSTALLED_APPS=["django.contrib.sessions"],
|
||||
MIDDLEWARE=None,
|
||||
MIDDLEWARE_CLASSES=[])
|
||||
def test_session_cookie_secure_with_installed_app_middleware_classes(self):
|
||||
self.assertEqual(self.func(None), [sessions.W010])
|
||||
|
||||
@override_settings(
|
||||
SESSION_COOKIE_SECURE=False,
|
||||
INSTALLED_APPS=[],
|
||||
MIDDLEWARE_CLASSES=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
MIDDLEWARE=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
def test_session_cookie_secure_with_middleware(self):
|
||||
"""
|
||||
Warn if SESSION_COOKIE_SECURE is off and
|
||||
"django.contrib.sessions.middleware.SessionMiddleware" is in
|
||||
MIDDLEWARE_CLASSES.
|
||||
MIDDLEWARE.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [sessions.W011])
|
||||
|
||||
@override_settings(
|
||||
SESSION_COOKIE_SECURE=False,
|
||||
INSTALLED_APPS=["django.contrib.sessions"],
|
||||
INSTALLED_APPS=[],
|
||||
MIDDLEWARE=None,
|
||||
MIDDLEWARE_CLASSES=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
def test_session_cookie_secure_with_middleware_middleware_classes(self):
|
||||
self.assertEqual(self.func(None), [patch_middleware_message(sessions.W011)])
|
||||
|
||||
@override_settings(
|
||||
SESSION_COOKIE_SECURE=False,
|
||||
INSTALLED_APPS=["django.contrib.sessions"],
|
||||
MIDDLEWARE=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
def test_session_cookie_secure_both(self):
|
||||
"""
|
||||
If SESSION_COOKIE_SECURE is off and we find both the session app and
|
||||
@@ -44,10 +61,18 @@ class CheckSessionCookieSecureTest(SimpleTestCase):
|
||||
"""
|
||||
self.assertEqual(self.func(None), [sessions.W012])
|
||||
|
||||
@override_settings(
|
||||
SESSION_COOKIE_SECURE=False,
|
||||
INSTALLED_APPS=["django.contrib.sessions"],
|
||||
MIDDLEWARE=None,
|
||||
MIDDLEWARE_CLASSES=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
def test_session_cookie_secure_both_middleware_classes(self):
|
||||
self.assertEqual(self.func(None), [sessions.W012])
|
||||
|
||||
@override_settings(
|
||||
SESSION_COOKIE_SECURE=True,
|
||||
INSTALLED_APPS=["django.contrib.sessions"],
|
||||
MIDDLEWARE_CLASSES=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
MIDDLEWARE=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
def test_session_cookie_secure_true(self):
|
||||
"""
|
||||
If SESSION_COOKIE_SECURE is on, there's no warning about it.
|
||||
@@ -64,7 +89,7 @@ class CheckSessionCookieHttpOnlyTest(SimpleTestCase):
|
||||
@override_settings(
|
||||
SESSION_COOKIE_HTTPONLY=False,
|
||||
INSTALLED_APPS=["django.contrib.sessions"],
|
||||
MIDDLEWARE_CLASSES=[])
|
||||
MIDDLEWARE=[])
|
||||
def test_session_cookie_httponly_with_installed_app(self):
|
||||
"""
|
||||
Warn if SESSION_COOKIE_HTTPONLY is off and "django.contrib.sessions"
|
||||
@@ -75,19 +100,19 @@ class CheckSessionCookieHttpOnlyTest(SimpleTestCase):
|
||||
@override_settings(
|
||||
SESSION_COOKIE_HTTPONLY=False,
|
||||
INSTALLED_APPS=[],
|
||||
MIDDLEWARE_CLASSES=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
MIDDLEWARE=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
def test_session_cookie_httponly_with_middleware(self):
|
||||
"""
|
||||
Warn if SESSION_COOKIE_HTTPONLY is off and
|
||||
"django.contrib.sessions.middleware.SessionMiddleware" is in
|
||||
MIDDLEWARE_CLASSES.
|
||||
MIDDLEWARE.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [sessions.W014])
|
||||
|
||||
@override_settings(
|
||||
SESSION_COOKIE_HTTPONLY=False,
|
||||
INSTALLED_APPS=["django.contrib.sessions"],
|
||||
MIDDLEWARE_CLASSES=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
MIDDLEWARE=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
def test_session_cookie_httponly_both(self):
|
||||
"""
|
||||
If SESSION_COOKIE_HTTPONLY is off and we find both the session app and
|
||||
@@ -98,7 +123,7 @@ class CheckSessionCookieHttpOnlyTest(SimpleTestCase):
|
||||
@override_settings(
|
||||
SESSION_COOKIE_HTTPONLY=True,
|
||||
INSTALLED_APPS=["django.contrib.sessions"],
|
||||
MIDDLEWARE_CLASSES=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
MIDDLEWARE=["django.contrib.sessions.middleware.SessionMiddleware"])
|
||||
def test_session_cookie_httponly_true(self):
|
||||
"""
|
||||
If SESSION_COOKIE_HTTPONLY is on, there's no warning about it.
|
||||
@@ -112,15 +137,15 @@ class CheckCSRFMiddlewareTest(SimpleTestCase):
|
||||
from django.core.checks.security.csrf import check_csrf_middleware
|
||||
return check_csrf_middleware
|
||||
|
||||
@override_settings(MIDDLEWARE_CLASSES=[])
|
||||
@override_settings(MIDDLEWARE=[], MIDDLEWARE_CLASSES=[])
|
||||
def test_no_csrf_middleware(self):
|
||||
"""
|
||||
Warn if CsrfViewMiddleware isn't in MIDDLEWARE_CLASSES.
|
||||
Warn if CsrfViewMiddleware isn't in MIDDLEWARE.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [csrf.W003])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.csrf.CsrfViewMiddleware"])
|
||||
MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"])
|
||||
def test_with_csrf_middleware(self):
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@@ -132,25 +157,25 @@ class CheckCSRFCookieSecureTest(SimpleTestCase):
|
||||
return check_csrf_cookie_secure
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.csrf.CsrfViewMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
|
||||
CSRF_COOKIE_SECURE=False)
|
||||
def test_with_csrf_cookie_secure_false(self):
|
||||
"""
|
||||
Warn if CsrfViewMiddleware is in MIDDLEWARE_CLASSES but
|
||||
Warn if CsrfViewMiddleware is in MIDDLEWARE but
|
||||
CSRF_COOKIE_SECURE isn't True.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [csrf.W016])
|
||||
|
||||
@override_settings(MIDDLEWARE_CLASSES=[], CSRF_COOKIE_SECURE=False)
|
||||
@override_settings(MIDDLEWARE=[], MIDDLEWARE_CLASSES=[], CSRF_COOKIE_SECURE=False)
|
||||
def test_with_csrf_cookie_secure_false_no_middleware(self):
|
||||
"""
|
||||
No warning if CsrfViewMiddleware isn't in MIDDLEWARE_CLASSES, even if
|
||||
No warning if CsrfViewMiddleware isn't in MIDDLEWARE, even if
|
||||
CSRF_COOKIE_SECURE is False.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.csrf.CsrfViewMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
|
||||
CSRF_COOKIE_SECURE=True)
|
||||
def test_with_csrf_cookie_secure_true(self):
|
||||
self.assertEqual(self.func(None), [])
|
||||
@@ -163,25 +188,25 @@ class CheckCSRFCookieHttpOnlyTest(SimpleTestCase):
|
||||
return check_csrf_cookie_httponly
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.csrf.CsrfViewMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
|
||||
CSRF_COOKIE_HTTPONLY=False)
|
||||
def test_with_csrf_cookie_httponly_false(self):
|
||||
"""
|
||||
Warn if CsrfViewMiddleware is in MIDDLEWARE_CLASSES but
|
||||
Warn if CsrfViewMiddleware is in MIDDLEWARE but
|
||||
CSRF_COOKIE_HTTPONLY isn't True.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [csrf.W017])
|
||||
|
||||
@override_settings(MIDDLEWARE_CLASSES=[], CSRF_COOKIE_HTTPONLY=False)
|
||||
@override_settings(MIDDLEWARE=[], MIDDLEWARE_CLASSES=[], CSRF_COOKIE_HTTPONLY=False)
|
||||
def test_with_csrf_cookie_httponly_false_no_middleware(self):
|
||||
"""
|
||||
No warning if CsrfViewMiddleware isn't in MIDDLEWARE_CLASSES, even if
|
||||
No warning if CsrfViewMiddleware isn't in MIDDLEWARE, even if
|
||||
CSRF_COOKIE_HTTPONLY is False.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.csrf.CsrfViewMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
|
||||
CSRF_COOKIE_HTTPONLY=True)
|
||||
def test_with_csrf_cookie_httponly_true(self):
|
||||
self.assertEqual(self.func(None), [])
|
||||
@@ -193,15 +218,15 @@ class CheckSecurityMiddlewareTest(SimpleTestCase):
|
||||
from django.core.checks.security.base import check_security_middleware
|
||||
return check_security_middleware
|
||||
|
||||
@override_settings(MIDDLEWARE_CLASSES=[])
|
||||
@override_settings(MIDDLEWARE=[])
|
||||
def test_no_security_middleware(self):
|
||||
"""
|
||||
Warn if SecurityMiddleware isn't in MIDDLEWARE_CLASSES.
|
||||
Warn if SecurityMiddleware isn't in MIDDLEWARE.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [base.W001])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"])
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"])
|
||||
def test_with_security_middleware(self):
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@@ -213,7 +238,7 @@ class CheckStrictTransportSecurityTest(SimpleTestCase):
|
||||
return check_sts
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_HSTS_SECONDS=0)
|
||||
def test_no_sts(self):
|
||||
"""
|
||||
@@ -222,7 +247,7 @@ class CheckStrictTransportSecurityTest(SimpleTestCase):
|
||||
self.assertEqual(self.func(None), [base.W004])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=[],
|
||||
MIDDLEWARE=[],
|
||||
SECURE_HSTS_SECONDS=0)
|
||||
def test_no_sts_no_middleware(self):
|
||||
"""
|
||||
@@ -232,7 +257,7 @@ class CheckStrictTransportSecurityTest(SimpleTestCase):
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_HSTS_SECONDS=3600)
|
||||
def test_with_sts(self):
|
||||
self.assertEqual(self.func(None), [])
|
||||
@@ -245,7 +270,7 @@ class CheckStrictTransportSecuritySubdomainsTest(SimpleTestCase):
|
||||
return check_sts_include_subdomains
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_HSTS_INCLUDE_SUBDOMAINS=False,
|
||||
SECURE_HSTS_SECONDS=3600)
|
||||
def test_no_sts_subdomains(self):
|
||||
@@ -255,7 +280,7 @@ class CheckStrictTransportSecuritySubdomainsTest(SimpleTestCase):
|
||||
self.assertEqual(self.func(None), [base.W005])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=[],
|
||||
MIDDLEWARE=[],
|
||||
SECURE_HSTS_INCLUDE_SUBDOMAINS=False,
|
||||
SECURE_HSTS_SECONDS=3600)
|
||||
def test_no_sts_subdomains_no_middleware(self):
|
||||
@@ -265,7 +290,7 @@ class CheckStrictTransportSecuritySubdomainsTest(SimpleTestCase):
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_SSL_REDIRECT=False,
|
||||
SECURE_HSTS_SECONDS=None)
|
||||
def test_no_sts_subdomains_no_seconds(self):
|
||||
@@ -275,7 +300,7 @@ class CheckStrictTransportSecuritySubdomainsTest(SimpleTestCase):
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_HSTS_INCLUDE_SUBDOMAINS=True,
|
||||
SECURE_HSTS_SECONDS=3600)
|
||||
def test_with_sts_subdomains(self):
|
||||
@@ -288,14 +313,14 @@ class CheckXFrameOptionsMiddlewareTest(SimpleTestCase):
|
||||
from django.core.checks.security.base import check_xframe_options_middleware
|
||||
return check_xframe_options_middleware
|
||||
|
||||
@override_settings(MIDDLEWARE_CLASSES=[])
|
||||
@override_settings(MIDDLEWARE=[])
|
||||
def test_middleware_not_installed(self):
|
||||
"""
|
||||
Warn if XFrameOptionsMiddleware isn't in MIDDLEWARE_CLASSES.
|
||||
Warn if XFrameOptionsMiddleware isn't in MIDDLEWARE.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [base.W002])
|
||||
|
||||
@override_settings(MIDDLEWARE_CLASSES=["django.middleware.clickjacking.XFrameOptionsMiddleware"])
|
||||
@override_settings(MIDDLEWARE=["django.middleware.clickjacking.XFrameOptionsMiddleware"])
|
||||
def test_middleware_installed(self):
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@@ -307,26 +332,26 @@ class CheckXFrameOptionsDenyTest(SimpleTestCase):
|
||||
return check_xframe_deny
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.clickjacking.XFrameOptionsMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.clickjacking.XFrameOptionsMiddleware"],
|
||||
X_FRAME_OPTIONS='SAMEORIGIN',
|
||||
)
|
||||
def test_x_frame_options_not_deny(self):
|
||||
"""
|
||||
Warn if XFrameOptionsMiddleware is in MIDDLEWARE_CLASSES but
|
||||
Warn if XFrameOptionsMiddleware is in MIDDLEWARE but
|
||||
X_FRAME_OPTIONS isn't 'DENY'.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [base.W019])
|
||||
|
||||
@override_settings(MIDDLEWARE_CLASSES=[], X_FRAME_OPTIONS='SAMEORIGIN')
|
||||
@override_settings(MIDDLEWARE=[], X_FRAME_OPTIONS='SAMEORIGIN')
|
||||
def test_middleware_not_installed(self):
|
||||
"""
|
||||
No error if XFrameOptionsMiddleware isn't in MIDDLEWARE_CLASSES even if
|
||||
No error if XFrameOptionsMiddleware isn't in MIDDLEWARE even if
|
||||
X_FRAME_OPTIONS isn't 'DENY'.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.clickjacking.XFrameOptionsMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.clickjacking.XFrameOptionsMiddleware"],
|
||||
X_FRAME_OPTIONS='DENY',
|
||||
)
|
||||
def test_xframe_deny(self):
|
||||
@@ -340,7 +365,7 @@ class CheckContentTypeNosniffTest(SimpleTestCase):
|
||||
return check_content_type_nosniff
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_CONTENT_TYPE_NOSNIFF=False)
|
||||
def test_no_content_type_nosniff(self):
|
||||
"""
|
||||
@@ -349,17 +374,17 @@ class CheckContentTypeNosniffTest(SimpleTestCase):
|
||||
self.assertEqual(self.func(None), [base.W006])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=[],
|
||||
MIDDLEWARE=[],
|
||||
SECURE_CONTENT_TYPE_NOSNIFF=False)
|
||||
def test_no_content_type_nosniff_no_middleware(self):
|
||||
"""
|
||||
Don't warn if SECURE_CONTENT_TYPE_NOSNIFF isn't True and
|
||||
SecurityMiddleware isn't in MIDDLEWARE_CLASSES.
|
||||
SecurityMiddleware isn't in MIDDLEWARE.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_CONTENT_TYPE_NOSNIFF=True)
|
||||
def test_with_content_type_nosniff(self):
|
||||
self.assertEqual(self.func(None), [])
|
||||
@@ -372,7 +397,7 @@ class CheckXssFilterTest(SimpleTestCase):
|
||||
return check_xss_filter
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_BROWSER_XSS_FILTER=False)
|
||||
def test_no_xss_filter(self):
|
||||
"""
|
||||
@@ -381,17 +406,17 @@ class CheckXssFilterTest(SimpleTestCase):
|
||||
self.assertEqual(self.func(None), [base.W007])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=[],
|
||||
MIDDLEWARE=[],
|
||||
SECURE_BROWSER_XSS_FILTER=False)
|
||||
def test_no_xss_filter_no_middleware(self):
|
||||
"""
|
||||
Don't warn if SECURE_BROWSER_XSS_FILTER isn't True and
|
||||
SecurityMiddleware isn't in MIDDLEWARE_CLASSES.
|
||||
SecurityMiddleware isn't in MIDDLEWARE.
|
||||
"""
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_BROWSER_XSS_FILTER=True)
|
||||
def test_with_xss_filter(self):
|
||||
self.assertEqual(self.func(None), [])
|
||||
@@ -404,7 +429,7 @@ class CheckSSLRedirectTest(SimpleTestCase):
|
||||
return check_ssl_redirect
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_SSL_REDIRECT=False)
|
||||
def test_no_ssl_redirect(self):
|
||||
"""
|
||||
@@ -413,7 +438,7 @@ class CheckSSLRedirectTest(SimpleTestCase):
|
||||
self.assertEqual(self.func(None), [base.W008])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=[],
|
||||
MIDDLEWARE=[],
|
||||
SECURE_SSL_REDIRECT=False)
|
||||
def test_no_ssl_redirect_no_middleware(self):
|
||||
"""
|
||||
@@ -423,7 +448,7 @@ class CheckSSLRedirectTest(SimpleTestCase):
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
@override_settings(
|
||||
MIDDLEWARE_CLASSES=["django.middleware.security.SecurityMiddleware"],
|
||||
MIDDLEWARE=["django.middleware.security.SecurityMiddleware"],
|
||||
SECURE_SSL_REDIRECT=True)
|
||||
def test_with_ssl_redirect(self):
|
||||
self.assertEqual(self.func(None), [])
|
||||
|
||||
Reference in New Issue
Block a user