Fixed #31840 -- Added support for Cross-Origin Opener Policy header.

Thanks Adam Johnson and Tim Graham for the reviews.

Co-authored-by: Tim Graham <timograham@gmail.com>
bankc 2020-08-26 12:09:19 -04:00 committed by Mariusz Felisiak
parent f6018c1e63
commit db5b75f10f
12 changed files with 175 additions and 5 deletions


@ -504,3 +504,28 @@ class CSRFFailureViewTest(SimpleTestCase):
csrf.check_csrf_failure_view(None),
[Error(msg, id='security.E101')],
)
class CheckCrossOriginOpenerPolicyTest(SimpleTestCase):
@override_settings(
MIDDLEWARE=['django.middleware.security.SecurityMiddleware'],
SECURE_CROSS_ORIGIN_OPENER_POLICY=None,
)
def test_no_coop(self):
self.assertEqual(base.check_cross_origin_opener_policy(None), [])
@override_settings(MIDDLEWARE=['django.middleware.security.SecurityMiddleware'])
def test_with_coop(self):
tests = ['same-origin', 'same-origin-allow-popups', 'unsafe-none']
for value in tests:
with self.subTest(value=value), override_settings(
SECURE_CROSS_ORIGIN_OPENER_POLICY=value,
):
self.assertEqual(base.check_cross_origin_opener_policy(None), [])
@override_settings(
MIDDLEWARE=['django.middleware.security.SecurityMiddleware'],
SECURE_CROSS_ORIGIN_OPENER_POLICY='invalid-value',
)
def test_with_invalid_coop(self):
self.assertEqual(base.check_cross_origin_opener_policy(None), [base.E024])
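Review bot: Every test in CheckCrossOriginOpenerPolicyTest enables `django.middleware.security.SecurityMiddleware`, so nothing pins what `base.check_cross_origin_opener_policy` returns for an invalid value when that middleware is absent from MIDDLEWARE. The overrides suggest the check is gated on the middleware, but that is only inferred from this hunk. test_with_invalid_coop also exercises a single string, `'invalid-value'`, so near-misses such as a differently cased `'Same-Origin'` (constructed example) or an empty string are not pinned to `base.E024` or to an empty result; a `subTest` loop like the one in test_with_coop would cover them. A one-line docstring on test_with_coop, e.g. `"""Every accepted COOP value, including 'unsafe-none', passes the check."""`, would record that `unsafe-none` is accepted deliberately even though it provides no opener isolation.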