If the response has an xframe_options_exempt attribute set to False then it still sets the header, but if it's set to True then it doesn't.
(self)
| 840 | self.assertEqual(r.headers["X-Frame-Options"], "DENY") |
| 841 | |
| 842 | def test_response_exempt(self): |
| 843 | """ |
| 844 | If the response has an xframe_options_exempt attribute set to False |
| 845 | then it still sets the header, but if it's set to True then it doesn't. |
| 846 | """ |
| 847 | |
| 848 | def xframe_exempt_response(request): |
| 849 | response = HttpResponse() |
| 850 | response.xframe_options_exempt = True |
| 851 | return response |
| 852 | |
| 853 | def xframe_not_exempt_response(request): |
| 854 | response = HttpResponse() |
| 855 | response.xframe_options_exempt = False |
| 856 | return response |
| 857 | |
| 858 | with override_settings(X_FRAME_OPTIONS="SAMEORIGIN"): |
| 859 | r = XFrameOptionsMiddleware(xframe_not_exempt_response)(HttpRequest()) |
| 860 | self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") |
| 861 | |
| 862 | r = XFrameOptionsMiddleware(xframe_exempt_response)(HttpRequest()) |
| 863 | self.assertIsNone(r.headers.get("X-Frame-Options")) |
| 864 | |
| 865 | def test_is_extendable(self): |
| 866 | """ |
nothing calls this directly
no test coverage detected