Diffstat (limited to 'tests/middleware/test_security.py')
-rw-r--r--tests/middleware/test_security.py33
1 files changed, 33 insertions, 0 deletions
diff --git a/tests/middleware/test_security.py b/tests/middleware/test_security.py
index 86153f19ee..07b72fc73a 100644
--- a/tests/middleware/test_security.py
+++ b/tests/middleware/test_security.py
@@ -222,3 +222,36 @@ class SecurityMiddlewareTest(SimpleTestCase):
"""
ret = self.process_request("get", "/some/url")
self.assertIsNone(ret)
+
+ @override_settings(SECURE_REFERRER_POLICY=None)
+ def test_referrer_policy_off(self):
+ """
+ With SECURE_REFERRER_POLICY set to None, the middleware does not add a
+ "Referrer-Policy" header to the response.
+ """
+ self.assertNotIn('Referrer-Policy', self.process_response())
+
+ def test_referrer_policy_on(self):
+ """
+ With SECURE_REFERRER_POLICY set to a valid value, the middleware adds a
+ "Referrer-Policy" header to the response.
+ """
+ tests = (
+ ('strict-origin', 'strict-origin'),
+ ('strict-origin,origin', 'strict-origin,origin'),
+ ('strict-origin, origin', 'strict-origin,origin'),
+ (['strict-origin', 'origin'], 'strict-origin,origin'),
+ (('strict-origin', 'origin'), 'strict-origin,origin'),
+ )
+ for value, expected in tests:
+ with self.subTest(value=value), override_settings(SECURE_REFERRER_POLICY=value):
+ self.assertEqual(self.process_response()['Referrer-Policy'], expected)
+
+ @override_settings(SECURE_REFERRER_POLICY='strict-origin')
+ def test_referrer_policy_already_present(self):
+ """
+ The middleware will not override a "Referrer-Policy" header already
+ present in the response.
+ """
+ response = self.process_response(headers={'Referrer-Policy': 'unsafe-url'})
+ self.assertEqual(response['Referrer-Policy'], 'unsafe-url')
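Review bot: test_referrer_policy_already_present pins that a response carrying the weaker `unsafe-url` keeps it even though SECURE_REFERRER_POLICY is `strict-origin`, but the docstring does not say this is intended, so the setting reads as enforcement when it is only a default. I would extend the docstring with something like `The setting is a site-wide default, not an enforced floor: a view may set a weaker policy and it is left untouched.` so a later reader does not "fix" the assertion. In test_referrer_policy_on the whitespace case is exercised only for the comma-separated string; if list and tuple entries are meant to be normalised the same way, a row such as `(['strict-origin ', ' origin'], 'strict-origin,origin'),` would cover it. A short comment that the order of values is significant, since browsers treat the list as a fallback chain, would also explain why the expected strings are compared exactly. The enclosing SecurityMiddlewareTest class and its process_response helper start outside this hunk.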