The X_FRAME_OPTIONS setting can be set to DENY to have the middleware use that value for the HTTP header.
(self)
| 793 | self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") |
| 794 | |
| 795 | def test_deny(self): |
| 796 | """ |
| 797 | The X_FRAME_OPTIONS setting can be set to DENY to have the middleware |
| 798 | use that value for the HTTP header. |
| 799 | """ |
| 800 | with override_settings(X_FRAME_OPTIONS="DENY"): |
| 801 | r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) |
| 802 | self.assertEqual(r.headers["X-Frame-Options"], "DENY") |
| 803 | |
| 804 | with override_settings(X_FRAME_OPTIONS="deny"): |
| 805 | r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) |
| 806 | self.assertEqual(r.headers["X-Frame-Options"], "DENY") |
| 807 | |
| 808 | def test_defaults_sameorigin(self): |
| 809 | """ |
nothing calls this directly
no test coverage detected