summaryrefslogtreecommitdiff
path: root/tests/check_framework
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2016-12-19 17:56:58 -0500
committerGitHub <noreply@github.com>2016-12-19 17:56:58 -0500
commitc27104a9c74bc9d9e552d41f53468b103749e110 (patch)
tree994d783b44ce2cca39bbd65cf286ffab20f409a8 /tests/check_framework
parent1a04b1762b50ea4d09eb1dc192d57172750b80aa (diff)
Fixed #27611 -- Doc'd that CSRF_COOKIE_HTTPONLY setting offers no security.
Diffstat (limited to 'tests/check_framework')
-rw-r--r--tests/check_framework/test_security.py42
1 files changed, 0 insertions, 42 deletions
diff --git a/tests/check_framework/test_security.py b/tests/check_framework/test_security.py
index 1e6d2fac8b..8c3b73d8bb 100644
--- a/tests/check_framework/test_security.py
+++ b/tests/check_framework/test_security.py
@@ -192,48 +192,6 @@ class CheckCSRFCookieSecureTest(SimpleTestCase):
self.assertEqual(self.func(None), [])
-class CheckCSRFCookieHttpOnlyTest(SimpleTestCase):
- @property
- def func(self):
- from django.core.checks.security.csrf import check_csrf_cookie_httponly
- return check_csrf_cookie_httponly
-
- @override_settings(
- MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
- CSRF_COOKIE_HTTPONLY=False)
- def test_with_csrf_cookie_httponly_false(self):
- """
- Warn if CsrfViewMiddleware is in MIDDLEWARE but
- CSRF_COOKIE_HTTPONLY isn't True.
- """
- self.assertEqual(self.func(None), [csrf.W017])
-
- @override_settings(
- MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
- CSRF_USE_SESSIONS=True,
- CSRF_COOKIE_HTTPONLY=False)
- def test_use_sessions_with_csrf_cookie_httponly_false(self):
- """
- No warning if CSRF_COOKIE_HTTPONLY isn't True while CSRF_USE_SESSIONS
- is True.
- """
- self.assertEqual(self.func(None), [])
-
- @override_settings(MIDDLEWARE=[], MIDDLEWARE_CLASSES=[], CSRF_COOKIE_HTTPONLY=False)
- def test_with_csrf_cookie_httponly_false_no_middleware(self):
- """
- No warning if CsrfViewMiddleware isn't in MIDDLEWARE, even if
- CSRF_COOKIE_HTTPONLY is False.
- """
- self.assertEqual(self.func(None), [])
-
- @override_settings(
- MIDDLEWARE=["django.middleware.csrf.CsrfViewMiddleware"],
- CSRF_COOKIE_HTTPONLY=True)
- def test_with_csrf_cookie_httponly_true(self):
- self.assertEqual(self.func(None), [])
-
-
class CheckSecurityMiddlewareTest(SimpleTestCase):
@property
def func(self):
generated by cgit v1.3 (git 2.53.0) at 2026-05-02 04:10:34 +0000