mirror of
				https://github.com/django/django.git
				synced 2025-10-26 23:26:08 +00:00 
			
		
		
		
	[2.2.x] Corrected settings names in SecurityMiddleware tests.
Backport of 413d50b5ff from master.
			
			
This commit is contained in:
		| @@ -43,7 +43,7 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|     @override_settings(SECURE_HSTS_SECONDS=3600) |     @override_settings(SECURE_HSTS_SECONDS=3600) | ||||||
|     def test_sts_on(self): |     def test_sts_on(self): | ||||||
|         """ |         """ | ||||||
|         With HSTS_SECONDS=3600, the middleware adds |         With SECURE_HSTS_SECONDS=3600, the middleware adds | ||||||
|         "Strict-Transport-Security: max-age=3600" to the response. |         "Strict-Transport-Security: max-age=3600" to the response. | ||||||
|         """ |         """ | ||||||
|         self.assertEqual( |         self.assertEqual( | ||||||
| @@ -62,7 +62,7 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|             headers={"Strict-Transport-Security": "max-age=7200"}) |             headers={"Strict-Transport-Security": "max-age=7200"}) | ||||||
|         self.assertEqual(response["Strict-Transport-Security"], "max-age=7200") |         self.assertEqual(response["Strict-Transport-Security"], "max-age=7200") | ||||||
|  |  | ||||||
|     @override_settings(HSTS_SECONDS=3600) |     @override_settings(SECURE_HSTS_SECONDS=3600) | ||||||
|     def test_sts_only_if_secure(self): |     def test_sts_only_if_secure(self): | ||||||
|         """ |         """ | ||||||
|         The "Strict-Transport-Security" header is not added to responses going |         The "Strict-Transport-Security" header is not added to responses going | ||||||
| @@ -70,30 +70,28 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|         """ |         """ | ||||||
|         self.assertNotIn("Strict-Transport-Security", self.process_response(secure=False)) |         self.assertNotIn("Strict-Transport-Security", self.process_response(secure=False)) | ||||||
|  |  | ||||||
|     @override_settings(HSTS_SECONDS=0) |     @override_settings(SECURE_HSTS_SECONDS=0) | ||||||
|     def test_sts_off(self): |     def test_sts_off(self): | ||||||
|         """ |         """ | ||||||
|         With HSTS_SECONDS of 0, the middleware does not add a |         With SECURE_HSTS_SECONDS=0, the middleware does not add a | ||||||
|         "Strict-Transport-Security" header to the response. |         "Strict-Transport-Security" header to the response. | ||||||
|         """ |         """ | ||||||
|         self.assertNotIn("Strict-Transport-Security", self.process_response(secure=True)) |         self.assertNotIn("Strict-Transport-Security", self.process_response(secure=True)) | ||||||
|  |  | ||||||
|     @override_settings( |     @override_settings(SECURE_HSTS_SECONDS=600, SECURE_HSTS_INCLUDE_SUBDOMAINS=True) | ||||||
|         SECURE_HSTS_SECONDS=600, SECURE_HSTS_INCLUDE_SUBDOMAINS=True) |  | ||||||
|     def test_sts_include_subdomains(self): |     def test_sts_include_subdomains(self): | ||||||
|         """ |         """ | ||||||
|         With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS |         With SECURE_HSTS_SECONDS non-zero and SECURE_HSTS_INCLUDE_SUBDOMAINS | ||||||
|         True, the middleware adds a "Strict-Transport-Security" header with the |         True, the middleware adds a "Strict-Transport-Security" header with the | ||||||
|         "includeSubDomains" directive to the response. |         "includeSubDomains" directive to the response. | ||||||
|         """ |         """ | ||||||
|         response = self.process_response(secure=True) |         response = self.process_response(secure=True) | ||||||
|         self.assertEqual(response["Strict-Transport-Security"], "max-age=600; includeSubDomains") |         self.assertEqual(response["Strict-Transport-Security"], "max-age=600; includeSubDomains") | ||||||
|  |  | ||||||
|     @override_settings( |     @override_settings(SECURE_HSTS_SECONDS=600, SECURE_HSTS_INCLUDE_SUBDOMAINS=False) | ||||||
|         SECURE_HSTS_SECONDS=600, SECURE_HSTS_INCLUDE_SUBDOMAINS=False) |  | ||||||
|     def test_sts_no_include_subdomains(self): |     def test_sts_no_include_subdomains(self): | ||||||
|         """ |         """ | ||||||
|         With HSTS_SECONDS non-zero and HSTS_INCLUDE_SUBDOMAINS |         With SECURE_HSTS_SECONDS non-zero and SECURE_HSTS_INCLUDE_SUBDOMAINS | ||||||
|         False, the middleware adds a "Strict-Transport-Security" header without |         False, the middleware adds a "Strict-Transport-Security" header without | ||||||
|         the "includeSubDomains" directive to the response. |         the "includeSubDomains" directive to the response. | ||||||
|         """ |         """ | ||||||
| @@ -103,9 +101,9 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|     @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_PRELOAD=True) |     @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_PRELOAD=True) | ||||||
|     def test_sts_preload(self): |     def test_sts_preload(self): | ||||||
|         """ |         """ | ||||||
|         With HSTS_SECONDS non-zero and SECURE_HSTS_PRELOAD True, the middleware |         With SECURE_HSTS_SECONDS non-zero and SECURE_HSTS_PRELOAD True, the | ||||||
|         adds a "Strict-Transport-Security" header with the "preload" directive |         middleware adds a "Strict-Transport-Security" header with the "preload" | ||||||
|         to the response. |         directive to the response. | ||||||
|         """ |         """ | ||||||
|         response = self.process_response(secure=True) |         response = self.process_response(secure=True) | ||||||
|         self.assertEqual(response["Strict-Transport-Security"], "max-age=10886400; preload") |         self.assertEqual(response["Strict-Transport-Security"], "max-age=10886400; preload") | ||||||
| @@ -113,7 +111,7 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|     @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_INCLUDE_SUBDOMAINS=True, SECURE_HSTS_PRELOAD=True) |     @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_INCLUDE_SUBDOMAINS=True, SECURE_HSTS_PRELOAD=True) | ||||||
|     def test_sts_subdomains_and_preload(self): |     def test_sts_subdomains_and_preload(self): | ||||||
|         """ |         """ | ||||||
|         With HSTS_SECONDS non-zero, SECURE_HSTS_INCLUDE_SUBDOMAINS and |         With SECURE_HSTS_SECONDS non-zero, SECURE_HSTS_INCLUDE_SUBDOMAINS and | ||||||
|         SECURE_HSTS_PRELOAD True, the middleware adds a "Strict-Transport-Security" |         SECURE_HSTS_PRELOAD True, the middleware adds a "Strict-Transport-Security" | ||||||
|         header containing both the "includeSubDomains" and "preload" directives |         header containing both the "includeSubDomains" and "preload" directives | ||||||
|         to the response. |         to the response. | ||||||
| @@ -124,7 +122,7 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|     @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_PRELOAD=False) |     @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_PRELOAD=False) | ||||||
|     def test_sts_no_preload(self): |     def test_sts_no_preload(self): | ||||||
|         """ |         """ | ||||||
|         With HSTS_SECONDS non-zero and SECURE_HSTS_PRELOAD |         With SECURE_HSTS_SECONDS non-zero and SECURE_HSTS_PRELOAD | ||||||
|         False, the middleware adds a "Strict-Transport-Security" header without |         False, the middleware adds a "Strict-Transport-Security" header without | ||||||
|         the "preload" directive to the response. |         the "preload" directive to the response. | ||||||
|         """ |         """ | ||||||
| @@ -134,7 +132,7 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|     @override_settings(SECURE_CONTENT_TYPE_NOSNIFF=True) |     @override_settings(SECURE_CONTENT_TYPE_NOSNIFF=True) | ||||||
|     def test_content_type_on(self): |     def test_content_type_on(self): | ||||||
|         """ |         """ | ||||||
|         With CONTENT_TYPE_NOSNIFF set to True, the middleware adds |         With SECURE_CONTENT_TYPE_NOSNIFF set to True, the middleware adds | ||||||
|         "X-Content-Type-Options: nosniff" header to the response. |         "X-Content-Type-Options: nosniff" header to the response. | ||||||
|         """ |         """ | ||||||
|         self.assertEqual(self.process_response()["X-Content-Type-Options"], "nosniff") |         self.assertEqual(self.process_response()["X-Content-Type-Options"], "nosniff") | ||||||
| @@ -151,7 +149,7 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|     @override_settings(SECURE_CONTENT_TYPE_NOSNIFF=False) |     @override_settings(SECURE_CONTENT_TYPE_NOSNIFF=False) | ||||||
|     def test_content_type_off(self): |     def test_content_type_off(self): | ||||||
|         """ |         """ | ||||||
|         With CONTENT_TYPE_NOSNIFF False, the middleware does not add an |         With SECURE_CONTENT_TYPE_NOSNIFF False, the middleware does not add an | ||||||
|         "X-Content-Type-Options" header to the response. |         "X-Content-Type-Options" header to the response. | ||||||
|         """ |         """ | ||||||
|         self.assertNotIn("X-Content-Type-Options", self.process_response()) |         self.assertNotIn("X-Content-Type-Options", self.process_response()) | ||||||
| @@ -159,12 +157,10 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|     @override_settings(SECURE_BROWSER_XSS_FILTER=True) |     @override_settings(SECURE_BROWSER_XSS_FILTER=True) | ||||||
|     def test_xss_filter_on(self): |     def test_xss_filter_on(self): | ||||||
|         """ |         """ | ||||||
|         With BROWSER_XSS_FILTER set to True, the middleware adds |         With SECURE_BROWSER_XSS_FILTER set to True, the middleware adds | ||||||
|         "s-xss-protection: 1; mode=block" header to the response. |         "s-xss-protection: 1; mode=block" header to the response. | ||||||
|         """ |         """ | ||||||
|         self.assertEqual( |         self.assertEqual(self.process_response()["X-XSS-Protection"], "1; mode=block") | ||||||
|             self.process_response()["X-XSS-Protection"], |  | ||||||
|             "1; mode=block") |  | ||||||
|  |  | ||||||
|     @override_settings(SECURE_BROWSER_XSS_FILTER=True) |     @override_settings(SECURE_BROWSER_XSS_FILTER=True) | ||||||
|     def test_xss_filter_already_present(self): |     def test_xss_filter_already_present(self): | ||||||
| @@ -175,24 +171,23 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|         response = self.process_response(secure=True, headers={"X-XSS-Protection": "foo"}) |         response = self.process_response(secure=True, headers={"X-XSS-Protection": "foo"}) | ||||||
|         self.assertEqual(response["X-XSS-Protection"], "foo") |         self.assertEqual(response["X-XSS-Protection"], "foo") | ||||||
|  |  | ||||||
|     @override_settings(BROWSER_XSS_FILTER=False) |     @override_settings(SECURE_BROWSER_XSS_FILTER=False) | ||||||
|     def test_xss_filter_off(self): |     def test_xss_filter_off(self): | ||||||
|         """ |         """ | ||||||
|         With BROWSER_XSS_FILTER set to False, the middleware does not add an |         With SECURE_BROWSER_XSS_FILTER set to False, the middleware does not | ||||||
|         "X-XSS-Protection" header to the response. |         add an "X-XSS-Protection" header to the response. | ||||||
|         """ |         """ | ||||||
|         self.assertNotIn("X-XSS-Protection", self.process_response()) |         self.assertNotIn("X-XSS-Protection", self.process_response()) | ||||||
|  |  | ||||||
|     @override_settings(SECURE_SSL_REDIRECT=True) |     @override_settings(SECURE_SSL_REDIRECT=True) | ||||||
|     def test_ssl_redirect_on(self): |     def test_ssl_redirect_on(self): | ||||||
|         """ |         """ | ||||||
|         With SSL_REDIRECT True, the middleware redirects any non-secure |         With SECURE_SSL_REDIRECT True, the middleware redirects any non-secure | ||||||
|         requests to the https:// version of the same URL. |         requests to the https:// version of the same URL. | ||||||
|         """ |         """ | ||||||
|         ret = self.process_request("get", "/some/url?query=string") |         ret = self.process_request("get", "/some/url?query=string") | ||||||
|         self.assertEqual(ret.status_code, 301) |         self.assertEqual(ret.status_code, 301) | ||||||
|         self.assertEqual( |         self.assertEqual(ret["Location"], "https://testserver/some/url?query=string") | ||||||
|             ret["Location"], "https://testserver/some/url?query=string") |  | ||||||
|  |  | ||||||
|     @override_settings(SECURE_SSL_REDIRECT=True) |     @override_settings(SECURE_SSL_REDIRECT=True) | ||||||
|     def test_no_redirect_ssl(self): |     def test_no_redirect_ssl(self): | ||||||
| @@ -202,8 +197,7 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|         ret = self.process_request("get", "/some/url", secure=True) |         ret = self.process_request("get", "/some/url", secure=True) | ||||||
|         self.assertIsNone(ret) |         self.assertIsNone(ret) | ||||||
|  |  | ||||||
|     @override_settings( |     @override_settings(SECURE_SSL_REDIRECT=True, SECURE_REDIRECT_EXEMPT=["^insecure/"]) | ||||||
|         SECURE_SSL_REDIRECT=True, SECURE_REDIRECT_EXEMPT=["^insecure/"]) |  | ||||||
|     def test_redirect_exempt(self): |     def test_redirect_exempt(self): | ||||||
|         """ |         """ | ||||||
|         The middleware does not redirect requests with URL path matching an |         The middleware does not redirect requests with URL path matching an | ||||||
| @@ -212,11 +206,10 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|         ret = self.process_request("get", "/insecure/page") |         ret = self.process_request("get", "/insecure/page") | ||||||
|         self.assertIsNone(ret) |         self.assertIsNone(ret) | ||||||
|  |  | ||||||
|     @override_settings( |     @override_settings(SECURE_SSL_REDIRECT=True, SECURE_SSL_HOST="secure.example.com") | ||||||
|         SECURE_SSL_REDIRECT=True, SECURE_SSL_HOST="secure.example.com") |  | ||||||
|     def test_redirect_ssl_host(self): |     def test_redirect_ssl_host(self): | ||||||
|         """ |         """ | ||||||
|         The middleware redirects to SSL_HOST if given. |         The middleware redirects to SECURE_SSL_HOST if given. | ||||||
|         """ |         """ | ||||||
|         ret = self.process_request("get", "/some/url") |         ret = self.process_request("get", "/some/url") | ||||||
|         self.assertEqual(ret.status_code, 301) |         self.assertEqual(ret.status_code, 301) | ||||||
| @@ -225,7 +218,7 @@ class SecurityMiddlewareTest(SimpleTestCase): | |||||||
|     @override_settings(SECURE_SSL_REDIRECT=False) |     @override_settings(SECURE_SSL_REDIRECT=False) | ||||||
|     def test_ssl_redirect_off(self): |     def test_ssl_redirect_off(self): | ||||||
|         """ |         """ | ||||||
|         With SSL_REDIRECT False, the middleware does no redirect. |         With SECURE_SSL_REDIRECT False, the middleware does not redirect. | ||||||
|         """ |         """ | ||||||
|         ret = self.process_request("get", "/some/url") |         ret = self.process_request("get", "/some/url") | ||||||
|         self.assertIsNone(ret) |         self.assertIsNone(ret) | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user