If the X-Frame-Options header is already set then the middleware does not attempt to override it.
(self)
| 816 | self.assertEqual(r.headers["X-Frame-Options"], "DENY") |
| 817 | |
def test_dont_set_if_set(self):
    """
    A response that already carries an X-Frame-Options header passes
    through the middleware with that value intact, whatever the
    X_FRAME_OPTIONS setting says.

    Both directions are exercised: a view-set SAMEORIGIN survives a DENY
    setting, and a view-set DENY survives a SAMEORIGIN setting.
    """

    def preset_view(value):
        # Build a get_response callable whose response already has the
        # header set to ``value`` before the middleware sees it.
        def get_response(request):
            resp = HttpResponse()
            resp.headers["X-Frame-Options"] = value
            return resp

        return get_response

    # The view's value is kept even though it is weaker than the
    # site-wide setting: a header set in a view overrides the configured
    # clickjacking policy for that response, in either direction.
    with override_settings(X_FRAME_OPTIONS="DENY"):
        middleware = XFrameOptionsMiddleware(preset_view("SAMEORIGIN"))
        result = middleware(HttpRequest())
        self.assertEqual(result.headers["X-Frame-Options"], "SAMEORIGIN")

    # Same precedence when the view is stricter than the setting.
    with override_settings(X_FRAME_OPTIONS="SAMEORIGIN"):
        middleware = XFrameOptionsMiddleware(preset_view("DENY"))
        result = middleware(HttpRequest())
        self.assertEqual(result.headers["X-Frame-Options"], "DENY")
| 841 | |
| 842 | def test_response_exempt(self): |
| 843 | """ |