The XFrameOptionsMiddleware method that determines the X-Frame-Options header value can be overridden based on something in the request or response.
(self)
| 863 | self.assertIsNone(r.headers.get("X-Frame-Options")) |
| 864 | |
| 865 | def test_is_extendable(self): |
| 866 | """ |
| 867 | The XFrameOptionsMiddleware method that determines the X-Frame-Options |
| 868 | header value can be overridden based on something in the request or |
| 869 | response. |
| 870 | """ |
| 871 | |
| 872 | class OtherXFrameOptionsMiddleware(XFrameOptionsMiddleware): |
| 873 | # This is just an example for testing purposes... |
| 874 | def get_xframe_options_value(self, request, response): |
| 875 | if getattr(request, "sameorigin", False): |
| 876 | return "SAMEORIGIN" |
| 877 | if getattr(response, "sameorigin", False): |
| 878 | return "SAMEORIGIN" |
| 879 | return "DENY" |
| 880 | |
| 881 | def same_origin_response(request): |
| 882 | response = HttpResponse() |
| 883 | response.sameorigin = True |
| 884 | return response |
| 885 | |
| 886 | with override_settings(X_FRAME_OPTIONS="DENY"): |
| 887 | r = OtherXFrameOptionsMiddleware(same_origin_response)(HttpRequest()) |
| 888 | self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") |
| 889 | |
| 890 | request = HttpRequest() |
| 891 | request.sameorigin = True |
| 892 | r = OtherXFrameOptionsMiddleware(get_response_empty)(request) |
| 893 | self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") |
| 894 | |
| 895 | with override_settings(X_FRAME_OPTIONS="SAMEORIGIN"): |
| 896 | r = OtherXFrameOptionsMiddleware(get_response_empty)(HttpRequest()) |
| 897 | self.assertEqual(r.headers["X-Frame-Options"], "DENY") |
| 898 | |
| 899 | |
| 900 | class GZipMiddlewareTest(SimpleTestCase): |
nothing calls this directly
no test coverage detected