diff options
| author | Tom Carrick <tom@carrick.eu> | 2020-07-14 13:32:24 +0200 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2020-09-14 08:41:59 +0200 |
| commit | bcc2befd0e9c1885e45b46d0b0bcdc11def8b249 (patch) | |
| tree | 59fab69a3182286da87fcd6fe05a8ce0f4277a5a /tests/middleware | |
| parent | 71ae1ab0123582cc5bfe0f7d5f4cc19a9412f396 (diff) | |
Fixed #31789 -- Added a new headers interface to HttpResponse.
Diffstat (limited to 'tests/middleware')
| -rw-r--r-- | tests/middleware/test_security.py | 65 | ||||
| -rw-r--r-- | tests/middleware/tests.py | 48 |
2 files changed, 70 insertions, 43 deletions
diff --git a/tests/middleware/test_security.py b/tests/middleware/test_security.py index d907c25166..d766643b9b 100644 --- a/tests/middleware/test_security.py +++ b/tests/middleware/test_security.py @@ -17,7 +17,7 @@ class SecurityMiddlewareTest(SimpleTestCase): response = HttpResponse(*args, **kwargs) if headers: for k, v in headers.items(): - response[k] = v + response.headers[k] = v return response return get_response @@ -47,7 +47,7 @@ class SecurityMiddlewareTest(SimpleTestCase): "Strict-Transport-Security: max-age=3600" to the response. """ self.assertEqual( - self.process_response(secure=True)["Strict-Transport-Security"], + self.process_response(secure=True).headers['Strict-Transport-Security'], 'max-age=3600', ) @@ -60,7 +60,7 @@ class SecurityMiddlewareTest(SimpleTestCase): response = self.process_response( secure=True, headers={"Strict-Transport-Security": "max-age=7200"}) - self.assertEqual(response["Strict-Transport-Security"], "max-age=7200") + self.assertEqual(response.headers["Strict-Transport-Security"], "max-age=7200") @override_settings(SECURE_HSTS_SECONDS=3600) def test_sts_only_if_secure(self): @@ -68,7 +68,10 @@ class SecurityMiddlewareTest(SimpleTestCase): The "Strict-Transport-Security" header is not added to responses going over an insecure connection. """ - self.assertNotIn("Strict-Transport-Security", self.process_response(secure=False)) + self.assertNotIn( + 'Strict-Transport-Security', + self.process_response(secure=False).headers, + ) @override_settings(SECURE_HSTS_SECONDS=0) def test_sts_off(self): @@ -76,7 +79,10 @@ class SecurityMiddlewareTest(SimpleTestCase): With SECURE_HSTS_SECONDS=0, the middleware does not add a "Strict-Transport-Security" header to the response. """ - self.assertNotIn("Strict-Transport-Security", self.process_response(secure=True)) + self.assertNotIn( + 'Strict-Transport-Security', + self.process_response(secure=True).headers, + ) @override_settings(SECURE_HSTS_SECONDS=600, SECURE_HSTS_INCLUDE_SUBDOMAINS=True) def test_sts_include_subdomains(self): @@ -86,7 +92,10 @@ class SecurityMiddlewareTest(SimpleTestCase): "includeSubDomains" directive to the response. """ response = self.process_response(secure=True) - self.assertEqual(response["Strict-Transport-Security"], "max-age=600; includeSubDomains") + self.assertEqual( + response.headers['Strict-Transport-Security'], + 'max-age=600; includeSubDomains', + ) @override_settings(SECURE_HSTS_SECONDS=600, SECURE_HSTS_INCLUDE_SUBDOMAINS=False) def test_sts_no_include_subdomains(self): @@ -96,7 +105,7 @@ class SecurityMiddlewareTest(SimpleTestCase): the "includeSubDomains" directive to the response. """ response = self.process_response(secure=True) - self.assertEqual(response["Strict-Transport-Security"], "max-age=600") + self.assertEqual(response.headers["Strict-Transport-Security"], "max-age=600") @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_PRELOAD=True) def test_sts_preload(self): @@ -106,7 +115,10 @@ class SecurityMiddlewareTest(SimpleTestCase): directive to the response. """ response = self.process_response(secure=True) - self.assertEqual(response["Strict-Transport-Security"], "max-age=10886400; preload") + self.assertEqual( + response.headers['Strict-Transport-Security'], + 'max-age=10886400; preload', + ) @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_INCLUDE_SUBDOMAINS=True, SECURE_HSTS_PRELOAD=True) def test_sts_subdomains_and_preload(self): @@ -117,7 +129,10 @@ class SecurityMiddlewareTest(SimpleTestCase): to the response. """ response = self.process_response(secure=True) - self.assertEqual(response["Strict-Transport-Security"], "max-age=10886400; includeSubDomains; preload") + self.assertEqual( + response.headers['Strict-Transport-Security'], + 'max-age=10886400; includeSubDomains; preload', + ) @override_settings(SECURE_HSTS_SECONDS=10886400, SECURE_HSTS_PRELOAD=False) def test_sts_no_preload(self): @@ -127,7 +142,10 @@ class SecurityMiddlewareTest(SimpleTestCase): the "preload" directive to the response. """ response = self.process_response(secure=True) - self.assertEqual(response["Strict-Transport-Security"], "max-age=10886400") + self.assertEqual( + response.headers['Strict-Transport-Security'], + 'max-age=10886400', + ) @override_settings(SECURE_CONTENT_TYPE_NOSNIFF=True) def test_content_type_on(self): @@ -135,7 +153,10 @@ class SecurityMiddlewareTest(SimpleTestCase): With SECURE_CONTENT_TYPE_NOSNIFF set to True, the middleware adds "X-Content-Type-Options: nosniff" header to the response. """ - self.assertEqual(self.process_response()["X-Content-Type-Options"], "nosniff") + self.assertEqual( + self.process_response().headers['X-Content-Type-Options'], + 'nosniff', + ) @override_settings(SECURE_CONTENT_TYPE_NOSNIFF=True) def test_content_type_already_present(self): @@ -144,7 +165,7 @@ class SecurityMiddlewareTest(SimpleTestCase): already present in the response. """ response = self.process_response(secure=True, headers={"X-Content-Type-Options": "foo"}) - self.assertEqual(response["X-Content-Type-Options"], "foo") + self.assertEqual(response.headers["X-Content-Type-Options"], "foo") @override_settings(SECURE_CONTENT_TYPE_NOSNIFF=False) def test_content_type_off(self): @@ -152,7 +173,7 @@ class SecurityMiddlewareTest(SimpleTestCase): With SECURE_CONTENT_TYPE_NOSNIFF False, the middleware does not add an "X-Content-Type-Options" header to the response. """ - self.assertNotIn("X-Content-Type-Options", self.process_response()) + self.assertNotIn('X-Content-Type-Options', self.process_response().headers) @override_settings(SECURE_BROWSER_XSS_FILTER=True) def test_xss_filter_on(self): @@ -160,7 +181,10 @@ class SecurityMiddlewareTest(SimpleTestCase): With SECURE_BROWSER_XSS_FILTER set to True, the middleware adds "s-xss-protection: 1; mode=block" header to the response. """ - self.assertEqual(self.process_response()["X-XSS-Protection"], "1; mode=block") + self.assertEqual( + self.process_response().headers['X-XSS-Protection'], + '1; mode=block', + ) @override_settings(SECURE_BROWSER_XSS_FILTER=True) def test_xss_filter_already_present(self): @@ -169,7 +193,7 @@ class SecurityMiddlewareTest(SimpleTestCase): already present in the response. """ response = self.process_response(secure=True, headers={"X-XSS-Protection": "foo"}) - self.assertEqual(response["X-XSS-Protection"], "foo") + self.assertEqual(response.headers["X-XSS-Protection"], "foo") @override_settings(SECURE_BROWSER_XSS_FILTER=False) def test_xss_filter_off(self): @@ -177,7 +201,7 @@ class SecurityMiddlewareTest(SimpleTestCase): With SECURE_BROWSER_XSS_FILTER set to False, the middleware does not add an "X-XSS-Protection" header to the response. """ - self.assertNotIn("X-XSS-Protection", self.process_response()) + self.assertNotIn('X-XSS-Protection', self.process_response().headers) @override_settings(SECURE_SSL_REDIRECT=True) def test_ssl_redirect_on(self): @@ -229,7 +253,7 @@ class SecurityMiddlewareTest(SimpleTestCase): With SECURE_REFERRER_POLICY set to None, the middleware does not add a "Referrer-Policy" header to the response. """ - self.assertNotIn('Referrer-Policy', self.process_response()) + self.assertNotIn('Referrer-Policy', self.process_response().headers) def test_referrer_policy_on(self): """ @@ -245,7 +269,10 @@ class SecurityMiddlewareTest(SimpleTestCase): ) for value, expected in tests: with self.subTest(value=value), override_settings(SECURE_REFERRER_POLICY=value): - self.assertEqual(self.process_response()['Referrer-Policy'], expected) + self.assertEqual( + self.process_response().headers['Referrer-Policy'], + expected, + ) @override_settings(SECURE_REFERRER_POLICY='strict-origin') def test_referrer_policy_already_present(self): @@ -254,4 +281,4 @@ class SecurityMiddlewareTest(SimpleTestCase): present in the response. """ response = self.process_response(headers={'Referrer-Policy': 'unsafe-url'}) - self.assertEqual(response['Referrer-Policy'], 'unsafe-url') + self.assertEqual(response.headers['Referrer-Policy'], 'unsafe-url') diff --git a/tests/middleware/tests.py b/tests/middleware/tests.py index 14c9284bbf..4b49858cd9 100644 --- a/tests/middleware/tests.py +++ b/tests/middleware/tests.py @@ -292,7 +292,7 @@ class CommonMiddlewareTest(SimpleTestCase): return response response = CommonMiddleware(get_response)(self.rf.get('/')) - self.assertEqual(int(response['Content-Length']), len(response.content)) + self.assertEqual(int(response.headers['Content-Length']), len(response.content)) def test_content_length_header_not_added_for_streaming_response(self): def get_response(req): @@ -308,11 +308,11 @@ class CommonMiddlewareTest(SimpleTestCase): def get_response(req): response = HttpResponse() - response['Content-Length'] = bad_content_length + response.headers['Content-Length'] = bad_content_length return response response = CommonMiddleware(get_response)(self.rf.get('/')) - self.assertEqual(int(response['Content-Length']), bad_content_length) + self.assertEqual(int(response.headers['Content-Length']), bad_content_length) # Other tests @@ -607,7 +607,7 @@ class ConditionalGetMiddlewareTest(SimpleTestCase): self.assertEqual(new_response.status_code, 304) base_response = get_response(self.req) for header in ('Cache-Control', 'Content-Location', 'Date', 'ETag', 'Expires', 'Last-Modified', 'Vary'): - self.assertEqual(new_response[header], base_response[header]) + self.assertEqual(new_response.headers[header], base_response.headers[header]) self.assertEqual(new_response.cookies, base_response.cookies) self.assertNotIn('Content-Language', new_response) @@ -622,7 +622,7 @@ class ConditionalGetMiddlewareTest(SimpleTestCase): return HttpResponse(status=200) response = ConditionalGetMiddleware(self.get_response)(self.req) - etag = response['ETag'] + etag = response.headers['ETag'] put_request = self.request_factory.put('/', HTTP_IF_MATCH=etag) conditional_get_response = ConditionalGetMiddleware(get_200_response)(put_request) self.assertEqual(conditional_get_response.status_code, 200) # should never be a 412 @@ -653,11 +653,11 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase): """ with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'): r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') with override_settings(X_FRAME_OPTIONS='sameorigin'): r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') def test_deny(self): """ @@ -666,11 +666,11 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase): """ with override_settings(X_FRAME_OPTIONS='DENY'): r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r['X-Frame-Options'], 'DENY') + self.assertEqual(r.headers['X-Frame-Options'], 'DENY') with override_settings(X_FRAME_OPTIONS='deny'): r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r['X-Frame-Options'], 'DENY') + self.assertEqual(r.headers['X-Frame-Options'], 'DENY') def test_defaults_sameorigin(self): """ @@ -680,7 +680,7 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase): with override_settings(X_FRAME_OPTIONS=None): del settings.X_FRAME_OPTIONS # restored by override_settings r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r['X-Frame-Options'], 'DENY') + self.assertEqual(r.headers['X-Frame-Options'], 'DENY') def test_dont_set_if_set(self): """ @@ -689,21 +689,21 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase): """ def same_origin_response(request): response = HttpResponse() - response['X-Frame-Options'] = 'SAMEORIGIN' + response.headers['X-Frame-Options'] = 'SAMEORIGIN' return response def deny_response(request): response = HttpResponse() - response['X-Frame-Options'] = 'DENY' + response.headers['X-Frame-Options'] = 'DENY' return response with override_settings(X_FRAME_OPTIONS='DENY'): r = XFrameOptionsMiddleware(same_origin_response)(HttpRequest()) - self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'): r = XFrameOptionsMiddleware(deny_response)(HttpRequest()) - self.assertEqual(r['X-Frame-Options'], 'DENY') + self.assertEqual(r.headers['X-Frame-Options'], 'DENY') def test_response_exempt(self): """ @@ -722,10 +722,10 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase): with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'): r = XFrameOptionsMiddleware(xframe_not_exempt_response)(HttpRequest()) - self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') r = XFrameOptionsMiddleware(xframe_exempt_response)(HttpRequest()) - self.assertIsNone(r.get('X-Frame-Options')) + self.assertIsNone(r.headers.get('X-Frame-Options')) def test_is_extendable(self): """ @@ -749,16 +749,16 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase): with override_settings(X_FRAME_OPTIONS='DENY'): r = OtherXFrameOptionsMiddleware(same_origin_response)(HttpRequest()) - self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') request = HttpRequest() request.sameorigin = True r = OtherXFrameOptionsMiddleware(get_response_empty)(request) - self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') + self.assertEqual(r.headers['X-Frame-Options'], 'SAMEORIGIN') with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'): r = OtherXFrameOptionsMiddleware(get_response_empty)(HttpRequest()) - self.assertEqual(r['X-Frame-Options'], 'DENY') + self.assertEqual(r.headers['X-Frame-Options'], 'DENY') class GZipMiddlewareTest(SimpleTestCase): @@ -916,12 +916,12 @@ class ETagGZipMiddlewareTest(SimpleTestCase): """ def get_response(req): response = HttpResponse(self.compressible_string) - response['ETag'] = '"eggs"' + response.headers['ETag'] = '"eggs"' return response request = self.rf.get('/', HTTP_ACCEPT_ENCODING='gzip, deflate') gzip_response = GZipMiddleware(get_response)(request) - self.assertEqual(gzip_response['ETag'], 'W/"eggs"') + self.assertEqual(gzip_response.headers['ETag'], 'W/"eggs"') def test_weak_etag_not_modified(self): """ @@ -929,12 +929,12 @@ class ETagGZipMiddlewareTest(SimpleTestCase): """ def get_response(req): response = HttpResponse(self.compressible_string) - response['ETag'] = 'W/"eggs"' + response.headers['ETag'] = 'W/"eggs"' return response request = self.rf.get('/', HTTP_ACCEPT_ENCODING='gzip, deflate') gzip_response = GZipMiddleware(get_response)(request) - self.assertEqual(gzip_response['ETag'], 'W/"eggs"') + self.assertEqual(gzip_response.headers['ETag'], 'W/"eggs"') def test_etag_match(self): """ @@ -949,7 +949,7 @@ class ETagGZipMiddlewareTest(SimpleTestCase): request = self.rf.get('/', HTTP_ACCEPT_ENCODING='gzip, deflate') response = GZipMiddleware(get_cond_response)(request) - gzip_etag = response['ETag'] + gzip_etag = response.headers['ETag'] next_request = self.rf.get('/', HTTP_ACCEPT_ENCODING='gzip, deflate', HTTP_IF_NONE_MATCH=gzip_etag) next_response = ConditionalGetMiddleware(get_response)(next_request) self.assertEqual(next_response.status_code, 304) |