Fixed #29406 -- Added support for Referrer-Policy header.

Thanks to James Bennett for the initial implementation.
author: Nick Pope <nick.pope@flightdataservices.com> 2019-03-21 21:33:41 +0000
committer: Carlton Gibson <carlton.gibson@noumenal.es> 2019-09-09 13:35:41 +0200
commit: 406dba04e1482a308cad74e3d06c050c76ba2d16 (patch)
tree: d5ec1f049f18481b620d993938d21de83d547673 /tests/check_framework/test_security.py
parent: 1edbb6c19405a629200ba3683968f3dba2744e7e (diff)
1 files changed, 43 insertions, 0 deletions
diff --git a/tests/check_framework/test_security.py b/tests/check_framework/test_security.py
index e6728606ef..4c1869d272 100644
--- a/tests/check_framework/test_security.py
+++ b/tests/check_framework/test_security.py
@@ -502,3 +502,46 @@ class CheckAllowedHostsTest(SimpleTestCase):
     @override_settings(ALLOWED_HOSTS=['.example.com'])
     def test_allowed_hosts_set(self):
         self.assertEqual(self.func(None), [])
+
+
+class CheckReferrerPolicyTest(SimpleTestCase):
+
+    @property
+    def func(self):
+        from django.core.checks.security.base import check_referrer_policy
+        return check_referrer_policy
+
+    @override_settings(
+        MIDDLEWARE=['django.middleware.security.SecurityMiddleware'],
+        SECURE_REFERRER_POLICY=None,
+    )
+    def test_no_referrer_policy(self):
+        self.assertEqual(self.func(None), [base.W022])
+
+    @override_settings(MIDDLEWARE=[], SECURE_REFERRER_POLICY=None)
+    def test_no_referrer_policy_no_middleware(self):
+        """
+        Don't warn if SECURE_REFERRER_POLICY is None and SecurityMiddleware
+        isn't in MIDDLEWARE.
+        """
+        self.assertEqual(self.func(None), [])
+
+    @override_settings(MIDDLEWARE=['django.middleware.security.SecurityMiddleware'])
+    def test_with_referrer_policy(self):
+        tests = (
+            'strict-origin',
+            'strict-origin,origin',
+            'strict-origin, origin',
+            ['strict-origin', 'origin'],
+            ('strict-origin', 'origin'),
+        )
+        for value in tests:
+            with self.subTest(value=value), override_settings(SECURE_REFERRER_POLICY=value):
+                self.assertEqual(self.func(None), [])
+
+    @override_settings(
+        MIDDLEWARE=['django.middleware.security.SecurityMiddleware'],
+        SECURE_REFERRER_POLICY='invalid-value',
+    )
+    def test_with_invalid_referrer_policy(self):
+        self.assertEqual(self.func(None), [base.E023])
author	Nick Pope <nick.pope@flightdataservices.com>	2019-03-21 21:33:41 +0000
committer	Carlton Gibson <carlton.gibson@noumenal.es>	2019-09-09 13:35:41 +0200
commit	406dba04e1482a308cad74e3d06c050c76ba2d16 (patch)
tree	d5ec1f049f18481b620d993938d21de83d547673 /tests/check_framework/test_security.py
parent	1edbb6c19405a629200ba3683968f3dba2744e7e (diff)