The X_FRAME_OPTIONS setting can be set to SAMEORIGIN to have the middleware use that value for the HTTP header.
(self)
| 780 | """ |
| 781 | |
| 782 | def test_same_origin(self): |
| 783 | """ |
| 784 | The X_FRAME_OPTIONS setting can be set to SAMEORIGIN to have the |
| 785 | middleware use that value for the HTTP header. |
| 786 | """ |
| 787 | with override_settings(X_FRAME_OPTIONS="SAMEORIGIN"): |
| 788 | r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) |
| 789 | self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") |
| 790 | |
| 791 | with override_settings(X_FRAME_OPTIONS="sameorigin"): |
| 792 | r = XFrameOptionsMiddleware(get_response_empty)(HttpRequest()) |
| 793 | self.assertEqual(r.headers["X-Frame-Options"], "SAMEORIGIN") |
| 794 | |
| 795 | def test_deny(self): |
| 796 | """ |
nothing calls this directly
no test coverage detected