Fixed #31840 -- Added support for Cross-Origin Opener Policy header.
Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham <timograham@gmail.com>
@@ -282,3 +282,42 @@ class SecurityMiddlewareTest(SimpleTestCase):
|
||||
"""
|
||||
response = self.process_response(headers={'Referrer-Policy': 'unsafe-url'})
|
||||
self.assertEqual(response.headers['Referrer-Policy'], 'unsafe-url')
|
||||
|
||||
@override_settings(SECURE_CROSS_ORIGIN_OPENER_POLICY=None)
|
||||
def test_coop_off(self):
|
||||
"""
|
||||
With SECURE_CROSS_ORIGIN_OPENER_POLICY set to None, the middleware does
|
||||
not add a "Cross-Origin-Opener-Policy" header to the response.
|
||||
"""
|
||||
self.assertNotIn('Cross-Origin-Opener-Policy', self.process_response())
|
||||
|
||||
def test_coop_default(self):
|
||||
"""SECURE_CROSS_ORIGIN_OPENER_POLICY defaults to same-origin."""
|
||||
self.assertEqual(
|
||||
self.process_response().headers['Cross-Origin-Opener-Policy'],
|
||||
'same-origin',
|
||||
)
|
||||
|
||||
def test_coop_on(self):
|
||||
"""
|
||||
With SECURE_CROSS_ORIGIN_OPENER_POLICY set to a valid value, the
|
||||
middleware adds a "Cross-Origin_Opener-Policy" header to the response.
|
||||
"""
|
||||
tests = ['same-origin', 'same-origin-allow-popups', 'unsafe-none']
|
||||
for value in tests:
|
||||
with self.subTest(value=value), override_settings(
|
||||
SECURE_CROSS_ORIGIN_OPENER_POLICY=value,
|
||||
):
|
||||
self.assertEqual(
|
||||
self.process_response().headers['Cross-Origin-Opener-Policy'],
|
||||
value,
|
||||
)
|
||||
|
||||
@override_settings(SECURE_CROSS_ORIGIN_OPENER_POLICY='unsafe-none')
|
||||
def test_coop_already_present(self):
|
||||
"""
|
||||
The middleware doesn't override a "Cross-Origin-Opener-Policy" header
|
||||
already present in the response.
|
||||
"""
|
||||
response = self.process_response(headers={'Cross-Origin-Opener-Policy': 'same-origin'})
|
||||
self.assertEqual(response.headers['Cross-Origin-Opener-Policy'], 'same-origin')
|
||||
|
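Review bot: `test_coop_already_present` pins only the direction where the view's header (`same-origin`) is stricter than the setting (`unsafe-none`), so a reader can take pass-through to be the safe outcome in every case. Since the docstring says the middleware doesn't override a header already present, a view can presumably also ship a weaker policy than the site-wide setting; I would state that in the docstring, e.g. `Either direction is preserved: a view may also weaken the site-wide policy.`, or add a second assertion with the two values swapped. Separately, the docstring of `test_coop_on` spells the header `Cross-Origin_Opener-Policy` with an underscore and should read `Cross-Origin-Opener-Policy`. `test_coop_off` tests membership on the response object while the other new tests read `.headers`; `self.assertNotIn('Cross-Origin-Opener-Policy', self.process_response().headers)` would be consistent with them.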