Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.

Claude Paroz 2019-09-07 09:52:10 +02:00 committed by Mariusz Felisiak
parent 5495ea3ae0
commit 05d0eca635
9 changed files with 32 additions and 16 deletions


@ -621,12 +621,12 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase):
def test_defaults_sameorigin(self):
"""
If the X_FRAME_OPTIONS setting is not set then it defaults to
SAMEORIGIN.
DENY.
"""
with override_settings(X_FRAME_OPTIONS=None):
del settings.X_FRAME_OPTIONS # restored by override_settings
r = XFrameOptionsMiddleware().process_response(HttpRequest(), HttpResponse())
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
self.assertEqual(r['X-Frame-Options'], 'DENY')
def test_dont_set_if_set(self):
"""
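Review bot: The test is still named `test_defaults_sameorigin` although its docstring and assertion now expect DENY, so the name contradicts what it verifies and will mislead anyone grepping for the clickjacking default; rename it, e.g. `def test_defaults_deny(self):`. Because of the `del settings.X_FRAME_OPTIONS` line, this case covers only the middleware's fallback when the setting attribute is absent. Whether the changed global default itself is asserted somewhere cannot be confirmed from this hunk, since the other changed files are not shown here. The following `test_dont_set_if_set` starts inside the hunk and continues outside it.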