diff options
| author | Johannes Maron <johannes@maron.family> | 2026-05-20 14:44:43 +0200 |
|---|---|---|
| committer | Jacob Walls <jacobtylerwalls@gmail.com> | 2026-05-20 09:30:52 -0400 |
| commit | 9b4433948714d5c43bab96b08bb6618c22512000 (patch) | |
| tree | 2b96efeff22b3775f485ba30a8ad163b08e61d04 | |
| parent | 8fd29079ed1253f0cd88ccf330de30271a5d15e4 (diff) | |
Refs #36825 -- Fixed regression in CSPSeleniumTestCase.
The CSP report test relied on the debug view having a CSP error,
which has been fixed in 3e4e0db. This commit added a custom
view to reintroduce the same error to verify the reporting
behavior.
Follow-up to 3e4e0db66961a48a080ff3ff91f6c0d954261366.
| -rw-r--r-- | tests/middleware/test_csp.py | 7 | ||||
| -rw-r--r-- | tests/middleware/urls.py | 3 | ||||
| -rw-r--r-- | tests/middleware/views.py | 15 |
3 files changed, 15 insertions, 10 deletions
diff --git a/tests/middleware/test_csp.py b/tests/middleware/test_csp.py index baf04d7650..fcdb9a1c15 100644 --- a/tests/middleware/test_csp.py +++ b/tests/middleware/test_csp.py @@ -177,13 +177,6 @@ class CSPMiddlewareWithDecoratedViewsTest(SimpleTestCase): @override_settings( ROOT_URLCONF="middleware.urls", - SECURE_CSP_REPORT_ONLY={ - "default-src": [CSP.NONE], - "img-src": [CSP.SELF], - "script-src": [CSP.SELF], - "style-src": [CSP.SELF], - "report-uri": "/csp-report/", - }, ) @modify_settings( MIDDLEWARE={"append": "django.middleware.csp.ContentSecurityPolicyMiddleware"} diff --git a/tests/middleware/urls.py b/tests/middleware/urls.py index bbd68d2050..b14343bdd6 100644 --- a/tests/middleware/urls.py +++ b/tests/middleware/urls.py @@ -1,5 +1,4 @@ from django.urls import path, re_path -from django.views.debug import default_urlconf from . import views @@ -13,7 +12,7 @@ urlpatterns = [ path("sensitive_fbv/", views.sensitive_fbv), path("sensitive_cbv/", views.SensitiveCBV.as_view()), # Used in CSP tests. - path("csp-failure/", default_urlconf), + path("csp-failure/", views.csp_failure), path("csp-report/", views.csp_report_view), path("csp-base/", views.empty_view), path("csp-nonce/", views.csp_nonce), diff --git a/tests/middleware/views.py b/tests/middleware/views.py index 716ddec5fd..f7047f57cc 100644 --- a/tests/middleware/views.py +++ b/tests/middleware/views.py @@ -5,7 +5,7 @@ from django.http import HttpResponse from django.middleware.csp import get_nonce from django.utils.csp import CSP from django.utils.decorators import method_decorator -from django.views.debug import technical_500_response +from django.views.debug import default_urlconf, technical_500_response from django.views.decorators.common import no_append_slash from django.views.decorators.csp import csp_override, csp_report_only_override from django.views.decorators.csrf import csrf_exempt @@ -53,6 +53,19 @@ csp_policy_override = { } +@csp_override( + { + "default-src": [CSP.NONE], + "img-src": [CSP.SELF], + "script-src": [CSP.SELF], + "style-src": [CSP.SELF], + "report-uri": "/csp-report/", + } +) +def csp_failure(request): + return default_urlconf(request) + + @csp_override(csp_policy_override) def csp_override_enforced(request): return HttpResponse() |