mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-24 14:16:09 +00:00
Code Issues 32 Releases Wiki Activity

Fixed #30426 -- Changed X_FRAME_OPTIONS setting default to DENY.

Browse Source
This commit is contained in:
Claude Paroz
2019-09-07 09:52:10 +02:00
committed by Mariusz Felisiak
parent 5495ea3ae0
commit 05d0eca635
9 changed files with 32 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
tests/middleware/tests.py
View File

@@ -621,12 +621,12 @@ class XFrameOptionsMiddlewareTest(SimpleTestCase):
def test_defaults_sameorigin(self):
"""
If the X_FRAME_OPTIONS setting is not set then it defaults to
SAMEORIGIN.
DENY.
"""
with override_settings(X_FRAME_OPTIONS=None):
del settings.X_FRAME_OPTIONS # restored by override_settings
r = XFrameOptionsMiddleware().process_response(HttpRequest(), HttpResponse())
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
self.assertEqual(r['X-Frame-Options'], 'DENY')
def test_dont_set_if_set(self):
"""