summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lomax <lomax.on.the.run@gmail.com>2023-04-26 06:48:33 +0100
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2023-05-20 15:23:52 +0200
commitb43936f2ec37f47277899a91a5464091bd80ad3a (patch)
tree751426926029a13344c3c5c22add90af4fafd36c
parenta2da81fe083a9dbc37b8355c25fdc23e3b58d16f (diff)
Moved clickjacking decorator tests into decorators/test_clickjacking.py.
This also adds extra assertions.
-rw-r--r--tests/decorators/test_clickjacking.py50
-rw-r--r--tests/decorators/tests.py57
2 files changed, 50 insertions, 57 deletions
diff --git a/tests/decorators/test_clickjacking.py b/tests/decorators/test_clickjacking.py
new file mode 100644
index 0000000000..278950082d
--- /dev/null
+++ b/tests/decorators/test_clickjacking.py
@@ -0,0 +1,50 @@
+from django.http import HttpRequest, HttpResponse
+from django.middleware.clickjacking import XFrameOptionsMiddleware
+from django.test import SimpleTestCase
+from django.views.decorators.clickjacking import (
+ xframe_options_deny,
+ xframe_options_exempt,
+ xframe_options_sameorigin,
+)
+
+
+class XFrameOptionsDenyTests(SimpleTestCase):
+ def test_decorator_sets_x_frame_options_to_deny(self):
+ @xframe_options_deny
+ def a_view(request):
+ return HttpResponse()
+
+ response = a_view(HttpRequest())
+ self.assertEqual(response.headers["X-Frame-Options"], "DENY")
+
+
+class XFrameOptionsSameoriginTests(SimpleTestCase):
+ def test_decorator_sets_x_frame_options_to_sameorigin(self):
+ @xframe_options_sameorigin
+ def a_view(request):
+ return HttpResponse()
+
+ response = a_view(HttpRequest())
+ self.assertEqual(response.headers["X-Frame-Options"], "SAMEORIGIN")
+
+
+class XFrameOptionsExemptTests(SimpleTestCase):
+ def test_decorator_stops_x_frame_options_being_set(self):
+ """
+ @xframe_options_exempt instructs the XFrameOptionsMiddleware to NOT set
+ the header.
+ """
+
+ @xframe_options_exempt
+ def a_view(request):
+ return HttpResponse()
+
+ request = HttpRequest()
+ response = a_view(request)
+ self.assertIsNone(response.get("X-Frame-Options", None))
+ self.assertIs(response.xframe_options_exempt, True)
+
+ # The real purpose of the exempt decorator is to suppress the
+ # middleware's functionality.
+ middleware_response = XFrameOptionsMiddleware(a_view)(request)
+ self.assertIsNone(middleware_response.get("X-Frame-Options"))
diff --git a/tests/decorators/tests.py b/tests/decorators/tests.py
index 48f24503d0..2d10c33188 100644
--- a/tests/decorators/tests.py
+++ b/tests/decorators/tests.py
@@ -8,17 +8,11 @@ from django.contrib.auth.decorators import (
user_passes_test,
)
from django.http import HttpRequest, HttpResponse, HttpResponseNotAllowed
-from django.middleware.clickjacking import XFrameOptionsMiddleware
from django.test import SimpleTestCase
from django.utils.decorators import method_decorator
from django.utils.functional import keep_lazy, keep_lazy_text, lazy
from django.utils.safestring import mark_safe
from django.views.decorators.cache import cache_control, cache_page, never_cache
-from django.views.decorators.clickjacking import (
- xframe_options_deny,
- xframe_options_exempt,
- xframe_options_sameorigin,
-)
from django.views.decorators.http import (
condition,
require_GET,
@@ -463,54 +457,3 @@ class MethodDecoratorTests(SimpleTestCase):
Test().method()
self.assertEqual(func_name, "method")
self.assertIsNotNone(func_module)
-
-
-class XFrameOptionsDecoratorsTests(TestCase):
- """
- Tests for the X-Frame-Options decorators.
- """
-
- def test_deny_decorator(self):
- """
- Ensures @xframe_options_deny properly sets the X-Frame-Options header.
- """
-
- @xframe_options_deny
- def a_view(request):
- return HttpResponse()
-
- r = a_view(HttpRequest())
- self.assertEqual(r.headers["X-Frame-Options"], "DENY")
-
- def test_sameorigin_decorator(self):
- """
- Ensures @xframe_options_sameorigin properly sets the X-Frame-Options
- header.
- """
-
- @xframe_options_sameorigin
- def a_view(request):
- return HttpResponse()
-
- r = a_view(HttpRequest())
- self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN")
-
- def test_exempt_decorator(self):
- """
- Ensures @xframe_options_exempt properly instructs the
- XFrameOptionsMiddleware to NOT set the header.
- """
-
- @xframe_options_exempt
- def a_view(request):
- return HttpResponse()
-
- req = HttpRequest()
- resp = a_view(req)
- self.assertIsNone(resp.get("X-Frame-Options", None))
- self.assertTrue(resp.xframe_options_exempt)
-
- # Since the real purpose of the exempt decorator is to suppress
- # the middleware's functionality, let's make sure it actually works...
- r = XFrameOptionsMiddleware(a_view)(req)
- self.assertIsNone(r.get("X-Frame-Options", None))