diff options
| author | Raphael Michel <mail@raphaelmichel.de> | 2016-12-17 15:59:48 +0100 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-12-17 09:59:48 -0500 |
| commit | 33e86b3488dbf29f5aeb38cf0ee6597190d33c59 (patch) | |
| tree | 4bad1ccf20f1639f580248a8b323d0e3219236a4 /tests/check_framework | |
| parent | 2f44fa7f069427e2da18a0f6cb2ffc29699f2ca3 (diff) | |
Refs #16859 -- Disabled CSRF_COOKIE_* checks when using CSRF_USE_SESSIONS.
Diffstat (limited to 'tests/check_framework')
| -rw-r--r-- | tests/check_framework/test_security.py | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/tests/check_framework/test_security.py b/tests/check_framework/test_security.py index ebd1ffb0d3..1e6d2fac8b 100644 --- a/tests/check_framework/test_security.py +++ b/tests/check_framework/test_security.py @@ -166,6 +166,17 @@ class CheckCSRFCookieSecureTest(SimpleTestCase): """ self.assertEqual(self.func(None), [csrf.W016]) + @override_settings( + MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"], + CSRF_USE_SESSIONS=True, + CSRF_COOKIE_SECURE=False) + def test_use_sessions_with_csrf_cookie_secure_false(self): + """ + No warning if CSRF_COOKIE_SECURE isn't True while CSRF_USE_SESSIONS + is True. + """ + self.assertEqual(self.func(None), []) + @override_settings(MIDDLEWARE=[], MIDDLEWARE_CLASSES=[], CSRF_COOKIE_SECURE=False) def test_with_csrf_cookie_secure_false_no_middleware(self): """ @@ -197,6 +208,17 @@ class CheckCSRFCookieHttpOnlyTest(SimpleTestCase): """ self.assertEqual(self.func(None), [csrf.W017]) + @override_settings( + MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"], + CSRF_USE_SESSIONS=True, + CSRF_COOKIE_HTTPONLY=False) + def test_use_sessions_with_csrf_cookie_httponly_false(self): + """ + No warning if CSRF_COOKIE_HTTPONLY isn't True while CSRF_USE_SESSIONS + is True. + """ + self.assertEqual(self.func(None), []) + @override_settings(MIDDLEWARE=[], MIDDLEWARE_CLASSES=[], CSRF_COOKIE_HTTPONLY=False) def test_with_csrf_cookie_httponly_false_no_middleware(self): """ |