From db5b75f10fe211af9fab9094f937436760db8488 Mon Sep 17 00:00:00 2001 From: bankc Date: Wed, 26 Aug 2020 12:09:19 -0400 Subject: Fixed #31840 -- Added support for Cross-Origin Opener Policy header. Thanks Adam Johnson and Tim Graham for the reviews. Co-authored-by: Tim Graham --- tests/check_framework/test_security.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'tests/check_framework') diff --git a/tests/check_framework/test_security.py b/tests/check_framework/test_security.py index 3a3b9cf774..774ba068f9 100644 --- a/tests/check_framework/test_security.py +++ b/tests/check_framework/test_security.py @@ -504,3 +504,28 @@ class CSRFFailureViewTest(SimpleTestCase): csrf.check_csrf_failure_view(None), [Error(msg, id='security.E101')], ) + + +class CheckCrossOriginOpenerPolicyTest(SimpleTestCase): + @override_settings( + MIDDLEWARE=['django.middleware.security.SecurityMiddleware'], + SECURE_CROSS_ORIGIN_OPENER_POLICY=None, + ) + def test_no_coop(self): + self.assertEqual(base.check_cross_origin_opener_policy(None), []) + + @override_settings(MIDDLEWARE=['django.middleware.security.SecurityMiddleware']) + def test_with_coop(self): + tests = ['same-origin', 'same-origin-allow-popups', 'unsafe-none'] + for value in tests: + with self.subTest(value=value), override_settings( + SECURE_CROSS_ORIGIN_OPENER_POLICY=value, + ): + self.assertEqual(base.check_cross_origin_opener_policy(None), []) + + @override_settings( + MIDDLEWARE=['django.middleware.security.SecurityMiddleware'], + SECURE_CROSS_ORIGIN_OPENER_POLICY='invalid-value', + ) + def test_with_invalid_coop(self): + self.assertEqual(base.check_cross_origin_opener_policy(None), [base.E024]) -- cgit v1.3