2007-12-03 07:25:55 +08:00
|
|
|
# -*- coding: utf-8 -*-
|
2013-07-30 01:19:04 +08:00
|
|
|
from __future__ import unicode_literals
|
2007-12-03 07:25:55 +08:00
|
|
|
|
2012-01-10 05:42:03 +08:00
|
|
|
import gzip
|
2013-01-02 05:28:48 +08:00
|
|
|
import random
|
|
|
|
import re
|
2015-01-28 20:35:27 +08:00
|
|
|
from io import BytesIO
|
2013-10-18 19:25:30 +08:00
|
|
|
from unittest import skipIf
|
2011-05-06 04:49:26 +08:00
|
|
|
|
2010-12-04 15:28:12 +08:00
|
|
|
from django.conf import settings
|
2011-05-06 04:49:26 +08:00
|
|
|
from django.core import mail
|
2015-06-24 18:11:43 +08:00
|
|
|
from django.core.exceptions import PermissionDenied
|
2014-11-05 04:19:10 +08:00
|
|
|
from django.http import (
|
2015-04-28 13:23:42 +08:00
|
|
|
FileResponse, HttpRequest, HttpResponse, HttpResponseNotFound,
|
|
|
|
HttpResponsePermanentRedirect, HttpResponseRedirect, StreamingHttpResponse,
|
2014-11-05 04:19:10 +08:00
|
|
|
)
|
2011-05-31 06:27:47 +08:00
|
|
|
from django.middleware.clickjacking import XFrameOptionsMiddleware
|
2015-01-28 20:35:27 +08:00
|
|
|
from django.middleware.common import (
|
|
|
|
BrokenLinkEmailsMiddleware, CommonMiddleware,
|
|
|
|
)
|
2012-01-10 05:42:03 +08:00
|
|
|
from django.middleware.gzip import GZipMiddleware
|
2015-01-28 20:35:27 +08:00
|
|
|
from django.middleware.http import ConditionalGetMiddleware
|
2015-04-18 05:38:20 +08:00
|
|
|
from django.test import RequestFactory, SimpleTestCase, override_settings
|
2012-08-16 04:42:18 +08:00
|
|
|
from django.utils import six
|
2013-02-02 20:48:55 +08:00
|
|
|
from django.utils.encoding import force_str
|
2014-12-13 21:04:36 +08:00
|
|
|
from django.utils.six.moves import range
|
2014-12-28 04:15:16 +08:00
|
|
|
from django.utils.six.moves.urllib.parse import quote
|
2012-08-15 23:41:09 +08:00
|
|
|
|
2007-12-03 07:25:55 +08:00
|
|
|
|
2014-04-05 14:04:46 +08:00
|
|
|
@override_settings(ROOT_URLCONF='middleware.urls')
|
2015-04-18 05:38:20 +08:00
|
|
|
class CommonMiddlewareTest(SimpleTestCase):
|
2008-10-08 16:36:41 +08:00
|
|
|
|
2014-12-28 04:15:16 +08:00
|
|
|
rf = RequestFactory()
|
2007-12-03 07:25:55 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
2007-12-03 07:25:55 +08:00
|
|
|
def test_append_slash_have_slash(self):
|
|
|
|
"""
|
2015-03-26 19:58:43 +08:00
|
|
|
URLs with slashes should go unmolested.
|
2007-12-03 07:25:55 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/slash/')
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(CommonMiddleware().process_request(request), None)
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
self.assertEqual(CommonMiddleware().process_response(request, response), response)
|
2007-12-03 07:25:55 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
2007-12-03 07:25:55 +08:00
|
|
|
def test_append_slash_slashless_resource(self):
|
|
|
|
"""
|
2015-03-26 19:58:43 +08:00
|
|
|
Matches to explicit slashless URLs should go unmolested.
|
2007-12-03 07:25:55 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/noslash')
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(CommonMiddleware().process_request(request), None)
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponse("Here's the text of the Web page.")
|
|
|
|
self.assertEqual(CommonMiddleware().process_response(request, response), response)
|
2007-12-03 07:25:55 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
2007-12-03 07:25:55 +08:00
|
|
|
def test_append_slash_slashless_unknown(self):
|
|
|
|
"""
|
2015-03-26 19:58:43 +08:00
|
|
|
APPEND_SLASH should not redirect to unknown resources.
|
2007-12-03 07:25:55 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/unknown')
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
self.assertEqual(CommonMiddleware().process_response(request, response), response)
|
2007-12-03 07:25:55 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
2007-12-03 07:25:55 +08:00
|
|
|
def test_append_slash_redirect(self):
|
|
|
|
"""
|
2015-03-26 19:58:43 +08:00
|
|
|
APPEND_SLASH should redirect slashless URLs to a valid pattern.
|
2007-12-03 07:25:55 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/slash')
|
2016-03-19 03:21:41 +08:00
|
|
|
r = CommonMiddleware().process_request(request)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(r.status_code, 301)
|
2007-12-03 07:25:55 +08:00
|
|
|
|
2015-03-26 19:58:43 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
|
|
|
def test_append_slash_redirect_querystring(self):
|
|
|
|
"""
|
|
|
|
APPEND_SLASH should preserve querystrings when redirecting.
|
|
|
|
"""
|
|
|
|
request = self.rf.get('/slash?test=1')
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
r = CommonMiddleware().process_response(request, response)
|
2015-03-26 19:58:43 +08:00
|
|
|
self.assertEqual(r.url, '/slash/?test=1')
|
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True, DEBUG=True)
|
2007-12-03 07:25:55 +08:00
|
|
|
def test_append_slash_no_redirect_on_POST_in_DEBUG(self):
|
|
|
|
"""
|
2008-01-03 10:14:29 +08:00
|
|
|
Tests that while in debug mode, an exception is raised with a warning
|
2015-01-13 21:42:21 +08:00
|
|
|
when a failed attempt is made to POST, PUT, or PATCH to an URL which
|
|
|
|
would normally be redirected to a slashed version.
|
2007-12-03 07:25:55 +08:00
|
|
|
"""
|
2015-01-13 21:42:21 +08:00
|
|
|
msg = "maintaining %s data. Change your form to point to testserver/slash/"
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/slash')
|
2007-12-03 07:25:55 +08:00
|
|
|
request.method = 'POST'
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
2015-12-31 22:22:14 +08:00
|
|
|
with self.assertRaisesMessage(RuntimeError, msg % request.method):
|
2015-04-28 13:23:42 +08:00
|
|
|
CommonMiddleware().process_response(request, response)
|
2015-01-13 21:42:21 +08:00
|
|
|
request = self.rf.get('/slash')
|
|
|
|
request.method = 'PUT'
|
2015-12-31 22:22:14 +08:00
|
|
|
with self.assertRaisesMessage(RuntimeError, msg % request.method):
|
2015-04-28 13:23:42 +08:00
|
|
|
CommonMiddleware().process_response(request, response)
|
2015-01-13 21:42:21 +08:00
|
|
|
request = self.rf.get('/slash')
|
|
|
|
request.method = 'PATCH'
|
2015-12-31 22:22:14 +08:00
|
|
|
with self.assertRaisesMessage(RuntimeError, msg % request.method):
|
2015-04-28 13:23:42 +08:00
|
|
|
CommonMiddleware().process_response(request, response)
|
2007-12-03 07:25:55 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=False)
|
2007-12-03 07:25:55 +08:00
|
|
|
def test_append_slash_disabled(self):
|
|
|
|
"""
|
2015-03-26 19:58:43 +08:00
|
|
|
Disabling append slash functionality should leave slashless URLs alone.
|
2007-12-03 07:25:55 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/slash')
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
self.assertEqual(CommonMiddleware().process_response(request, response), response)
|
2007-12-03 07:25:55 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
2007-12-03 07:25:55 +08:00
|
|
|
def test_append_slash_quoted(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
URLs which require quoting should be redirected to their slash version.
|
2007-12-03 07:25:55 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get(quote('/needsquoting#'))
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
r = CommonMiddleware().process_response(request, response)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(r.status_code, 301)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertEqual(r.url, '/needsquoting%23/')
|
2008-10-07 16:22:50 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=False, PREPEND_WWW=True)
|
2008-10-07 16:22:50 +08:00
|
|
|
def test_prepend_www(self):
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/path/')
|
2008-10-07 16:22:50 +08:00
|
|
|
r = CommonMiddleware().process_request(request)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(r.status_code, 301)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertEqual(r.url, 'http://www.testserver/path/')
|
2008-10-07 16:22:50 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True, PREPEND_WWW=True)
|
2008-10-07 16:22:50 +08:00
|
|
|
def test_prepend_www_append_slash_have_slash(self):
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/slash/')
|
2008-10-07 16:22:50 +08:00
|
|
|
r = CommonMiddleware().process_request(request)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(r.status_code, 301)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertEqual(r.url, 'http://www.testserver/slash/')
|
2008-10-07 16:22:50 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True, PREPEND_WWW=True)
|
2008-10-07 16:22:50 +08:00
|
|
|
def test_prepend_www_append_slash_slashless(self):
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/slash')
|
2008-10-07 16:22:50 +08:00
|
|
|
r = CommonMiddleware().process_request(request)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(r.status_code, 301)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertEqual(r.url, 'http://www.testserver/slash/')
|
2010-12-04 15:28:12 +08:00
|
|
|
|
2015-10-23 02:46:42 +08:00
|
|
|
# The following tests examine expected behavior given a custom URLconf that
|
2010-03-08 04:03:04 +08:00
|
|
|
# overrides the default one through the request object.
|
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
2010-03-08 04:03:04 +08:00
|
|
|
def test_append_slash_have_slash_custom_urlconf(self):
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2015-03-26 19:58:43 +08:00
|
|
|
URLs with slashes should go unmolested.
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/customurlconf/slash/')
|
2013-02-26 20:19:18 +08:00
|
|
|
request.urlconf = 'middleware.extra_urls'
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(CommonMiddleware().process_request(request), None)
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
self.assertEqual(CommonMiddleware().process_response(request, response), response)
|
2010-03-08 04:03:04 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
2010-03-08 04:03:04 +08:00
|
|
|
def test_append_slash_slashless_resource_custom_urlconf(self):
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2015-03-26 19:58:43 +08:00
|
|
|
Matches to explicit slashless URLs should go unmolested.
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/customurlconf/noslash')
|
2013-02-26 20:19:18 +08:00
|
|
|
request.urlconf = 'middleware.extra_urls'
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(CommonMiddleware().process_request(request), None)
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponse("Here's the text of the Web page.")
|
|
|
|
self.assertEqual(CommonMiddleware().process_response(request, response), response)
|
2010-03-08 04:03:04 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
2010-03-08 04:03:04 +08:00
|
|
|
def test_append_slash_slashless_unknown_custom_urlconf(self):
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2015-03-26 19:58:43 +08:00
|
|
|
APPEND_SLASH should not redirect to unknown resources.
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/customurlconf/unknown')
|
2013-02-26 20:19:18 +08:00
|
|
|
request.urlconf = 'middleware.extra_urls'
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(CommonMiddleware().process_request(request), None)
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
self.assertEqual(CommonMiddleware().process_response(request, response), response)
|
2010-03-08 04:03:04 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
2010-03-08 04:03:04 +08:00
|
|
|
def test_append_slash_redirect_custom_urlconf(self):
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2015-03-26 19:58:43 +08:00
|
|
|
APPEND_SLASH should redirect slashless URLs to a valid pattern.
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/customurlconf/slash')
|
2013-02-26 20:19:18 +08:00
|
|
|
request.urlconf = 'middleware.extra_urls'
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
r = CommonMiddleware().process_response(request, response)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertIsNotNone(r, "CommonMiddleware failed to return APPEND_SLASH redirect using request.urlconf")
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r.status_code, 301)
|
2015-03-14 06:40:14 +08:00
|
|
|
self.assertEqual(r.url, '/customurlconf/slash/')
|
2010-03-08 04:03:04 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True, DEBUG=True)
|
2010-03-08 04:03:04 +08:00
|
|
|
def test_append_slash_no_redirect_on_POST_in_DEBUG_custom_urlconf(self):
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
|
|
|
Tests that while in debug mode, an exception is raised with a warning
|
|
|
|
when a failed attempt is made to POST to an URL which would normally be
|
|
|
|
redirected to a slashed version.
|
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/customurlconf/slash')
|
2013-02-26 20:19:18 +08:00
|
|
|
request.urlconf = 'middleware.extra_urls'
|
2013-01-02 05:46:54 +08:00
|
|
|
request.method = 'POST'
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
2015-12-31 22:22:14 +08:00
|
|
|
with self.assertRaisesMessage(RuntimeError, 'end in a slash'):
|
2015-04-28 13:23:42 +08:00
|
|
|
CommonMiddleware().process_response(request, response)
|
2010-03-08 04:03:04 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=False)
|
2010-03-08 04:03:04 +08:00
|
|
|
def test_append_slash_disabled_custom_urlconf(self):
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2015-03-26 19:58:43 +08:00
|
|
|
Disabling append slash functionality should leave slashless URLs alone.
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/customurlconf/slash')
|
2013-02-26 20:19:18 +08:00
|
|
|
request.urlconf = 'middleware.extra_urls'
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(CommonMiddleware().process_request(request), None)
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
self.assertEqual(CommonMiddleware().process_response(request, response), response)
|
2010-03-08 04:03:04 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True)
|
2010-03-08 04:03:04 +08:00
|
|
|
def test_append_slash_quoted_custom_urlconf(self):
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
URLs which require quoting should be redirected to their slash version.
|
2013-01-02 05:46:54 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get(quote('/customurlconf/needsquoting#'))
|
2013-02-26 20:19:18 +08:00
|
|
|
request.urlconf = 'middleware.extra_urls'
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
r = CommonMiddleware().process_response(request, response)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertIsNotNone(r, "CommonMiddleware failed to return APPEND_SLASH redirect using request.urlconf")
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r.status_code, 301)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertEqual(r.url, '/customurlconf/needsquoting%23/')
|
2010-03-08 04:03:04 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=False, PREPEND_WWW=True)
|
2010-03-08 04:03:04 +08:00
|
|
|
def test_prepend_www_custom_urlconf(self):
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/customurlconf/path/')
|
2013-02-26 20:19:18 +08:00
|
|
|
request.urlconf = 'middleware.extra_urls'
|
2013-01-02 05:46:54 +08:00
|
|
|
r = CommonMiddleware().process_request(request)
|
|
|
|
self.assertEqual(r.status_code, 301)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertEqual(r.url, 'http://www.testserver/customurlconf/path/')
|
2010-03-08 04:03:04 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True, PREPEND_WWW=True)
|
2010-03-08 04:03:04 +08:00
|
|
|
def test_prepend_www_append_slash_have_slash_custom_urlconf(self):
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/customurlconf/slash/')
|
2013-02-26 20:19:18 +08:00
|
|
|
request.urlconf = 'middleware.extra_urls'
|
2013-01-02 05:46:54 +08:00
|
|
|
r = CommonMiddleware().process_request(request)
|
|
|
|
self.assertEqual(r.status_code, 301)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertEqual(r.url, 'http://www.testserver/customurlconf/slash/')
|
2010-03-08 04:03:04 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
@override_settings(APPEND_SLASH=True, PREPEND_WWW=True)
|
2010-03-08 04:03:04 +08:00
|
|
|
def test_prepend_www_append_slash_slashless_custom_urlconf(self):
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/customurlconf/slash')
|
2013-02-26 20:19:18 +08:00
|
|
|
request.urlconf = 'middleware.extra_urls'
|
2013-01-02 05:46:54 +08:00
|
|
|
r = CommonMiddleware().process_request(request)
|
|
|
|
self.assertEqual(r.status_code, 301)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertEqual(r.url, 'http://www.testserver/customurlconf/slash/')
|
2011-03-01 22:28:06 +08:00
|
|
|
|
2015-12-11 02:44:10 +08:00
|
|
|
# ETag + If-Not-Modified support tests
|
|
|
|
|
|
|
|
@override_settings(USE_ETAGS=True)
|
|
|
|
def test_etag(self):
|
|
|
|
req = HttpRequest()
|
|
|
|
res = HttpResponse('content')
|
|
|
|
self.assertTrue(CommonMiddleware().process_response(req, res).has_header('ETag'))
|
|
|
|
|
|
|
|
@override_settings(USE_ETAGS=True)
|
|
|
|
def test_etag_streaming_response(self):
|
|
|
|
req = HttpRequest()
|
|
|
|
res = StreamingHttpResponse(['content'])
|
|
|
|
res['ETag'] = 'tomatoes'
|
|
|
|
self.assertEqual(CommonMiddleware().process_response(req, res).get('ETag'), 'tomatoes')
|
|
|
|
|
|
|
|
@override_settings(USE_ETAGS=True)
|
|
|
|
def test_no_etag_streaming_response(self):
|
|
|
|
req = HttpRequest()
|
|
|
|
res = StreamingHttpResponse(['content'])
|
|
|
|
self.assertFalse(CommonMiddleware().process_response(req, res).has_header('ETag'))
|
|
|
|
|
2015-12-09 19:07:02 +08:00
|
|
|
@override_settings(USE_ETAGS=True)
|
|
|
|
def test_if_none_match(self):
|
|
|
|
first_req = HttpRequest()
|
|
|
|
first_res = CommonMiddleware().process_response(first_req, HttpResponse('content'))
|
|
|
|
second_req = HttpRequest()
|
|
|
|
second_req.method = 'GET'
|
|
|
|
second_req.META['HTTP_IF_NONE_MATCH'] = first_res['ETag']
|
|
|
|
second_res = CommonMiddleware().process_response(second_req, HttpResponse('content'))
|
|
|
|
self.assertEqual(second_res.status_code, 304)
|
|
|
|
|
2012-11-04 04:26:59 +08:00
|
|
|
# Other tests
|
|
|
|
|
2014-11-13 13:08:35 +08:00
|
|
|
@override_settings(DISALLOWED_USER_AGENTS=[re.compile(r'foo')])
|
|
|
|
def test_disallowed_user_agents(self):
|
2015-06-27 22:08:59 +08:00
|
|
|
request = self.rf.get('/slash')
|
|
|
|
request.META['HTTP_USER_AGENT'] = 'foo'
|
|
|
|
with self.assertRaisesMessage(PermissionDenied, 'Forbidden user agent'):
|
|
|
|
CommonMiddleware().process_request(request)
|
2014-11-13 13:08:35 +08:00
|
|
|
|
2012-11-04 04:26:59 +08:00
|
|
|
def test_non_ascii_query_string_does_not_crash(self):
|
|
|
|
"""Regression test for #15152"""
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/slash')
|
2013-02-02 20:48:55 +08:00
|
|
|
request.META['QUERY_STRING'] = force_str('drink=café')
|
2015-04-28 13:23:42 +08:00
|
|
|
r = CommonMiddleware().process_request(request)
|
|
|
|
self.assertEqual(r.status_code, 301)
|
2012-11-04 04:26:59 +08:00
|
|
|
|
2014-11-05 04:19:10 +08:00
|
|
|
def test_response_redirect_class(self):
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/slash')
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
r = CommonMiddleware().process_response(request, response)
|
2014-11-05 04:19:10 +08:00
|
|
|
self.assertEqual(r.status_code, 301)
|
2015-03-14 06:40:14 +08:00
|
|
|
self.assertEqual(r.url, '/slash/')
|
2014-11-05 04:19:10 +08:00
|
|
|
self.assertIsInstance(r, HttpResponsePermanentRedirect)
|
|
|
|
|
|
|
|
def test_response_redirect_class_subclass(self):
|
|
|
|
class MyCommonMiddleware(CommonMiddleware):
|
|
|
|
response_redirect_class = HttpResponseRedirect
|
|
|
|
|
2014-12-28 04:15:16 +08:00
|
|
|
request = self.rf.get('/slash')
|
2015-04-28 13:23:42 +08:00
|
|
|
response = HttpResponseNotFound()
|
|
|
|
r = MyCommonMiddleware().process_response(request, response)
|
2014-11-05 04:19:10 +08:00
|
|
|
self.assertEqual(r.status_code, 302)
|
2015-03-14 06:40:14 +08:00
|
|
|
self.assertEqual(r.url, '/slash/')
|
2014-11-05 04:19:10 +08:00
|
|
|
self.assertIsInstance(r, HttpResponseRedirect)
|
|
|
|
|
2011-05-06 04:49:26 +08:00
|
|
|
|
2013-03-12 06:30:02 +08:00
|
|
|
@override_settings(
|
2015-01-22 00:55:57 +08:00
|
|
|
IGNORABLE_404_URLS=[re.compile(r'foo')],
|
|
|
|
MANAGERS=['PHB@dilbert.com'],
|
2013-03-12 06:30:02 +08:00
|
|
|
)
|
2015-04-18 05:38:20 +08:00
|
|
|
class BrokenLinkEmailsMiddlewareTest(SimpleTestCase):
|
2013-01-02 05:28:48 +08:00
|
|
|
|
2014-12-28 04:15:16 +08:00
|
|
|
rf = RequestFactory()
|
|
|
|
|
2013-01-02 05:28:48 +08:00
|
|
|
def setUp(self):
|
2014-12-28 04:15:16 +08:00
|
|
|
self.req = self.rf.get('/regular_url/that/does/not/exist')
|
2013-01-02 05:28:48 +08:00
|
|
|
self.resp = self.client.get(self.req.path)
|
|
|
|
|
|
|
|
def test_404_error_reporting(self):
|
|
|
|
self.req.META['HTTP_REFERER'] = '/another/url/'
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 1)
|
|
|
|
self.assertIn('Broken', mail.outbox[0].subject)
|
|
|
|
|
|
|
|
def test_404_error_reporting_no_referer(self):
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 0)
|
|
|
|
|
|
|
|
def test_404_error_reporting_ignored_url(self):
|
|
|
|
self.req.path = self.req.path_info = 'foo_url/that/does/not/exist'
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 0)
|
|
|
|
|
2013-05-18 18:37:22 +08:00
|
|
|
@skipIf(six.PY3, "HTTP_REFERER is str type on Python 3")
|
|
|
|
def test_404_error_nonascii_referrer(self):
|
|
|
|
# Such referer strings should not happen, but anyway, if it happens,
|
|
|
|
# let's not crash
|
|
|
|
self.req.META['HTTP_REFERER'] = b'http://testserver/c/\xd0\xbb\xd0\xb8/'
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 1)
|
|
|
|
|
2015-04-21 20:51:43 +08:00
|
|
|
@skipIf(six.PY3, "HTTP_USER_AGENT is str type on Python 3")
|
|
|
|
def test_404_error_nonascii_user_agent(self):
|
|
|
|
# Such user agent strings should not happen, but anyway, if it happens,
|
|
|
|
# let's not crash
|
|
|
|
self.req.META['HTTP_REFERER'] = '/another/url/'
|
|
|
|
self.req.META['HTTP_USER_AGENT'] = b'\xd0\xbb\xd0\xb8\xff\xff'
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 1)
|
|
|
|
self.assertIn('User agent: \u043b\u0438\ufffd\ufffd\n', mail.outbox[0].body)
|
|
|
|
|
2013-05-24 23:55:50 +08:00
|
|
|
def test_custom_request_checker(self):
|
|
|
|
class SubclassedMiddleware(BrokenLinkEmailsMiddleware):
|
2015-12-31 22:22:14 +08:00
|
|
|
ignored_user_agent_patterns = (re.compile(r'Spider.*'), re.compile(r'Robot.*'))
|
2013-10-22 18:21:07 +08:00
|
|
|
|
2013-05-24 23:55:50 +08:00
|
|
|
def is_ignorable_request(self, request, uri, domain, referer):
|
|
|
|
'''Check user-agent in addition to normal checks.'''
|
|
|
|
if super(SubclassedMiddleware, self).is_ignorable_request(request, uri, domain, referer):
|
|
|
|
return True
|
|
|
|
user_agent = request.META['HTTP_USER_AGENT']
|
2015-12-31 22:22:14 +08:00
|
|
|
return any(pattern.search(user_agent) for pattern in self.ignored_user_agent_patterns)
|
2013-05-24 23:55:50 +08:00
|
|
|
|
|
|
|
self.req.META['HTTP_REFERER'] = '/another/url/'
|
|
|
|
self.req.META['HTTP_USER_AGENT'] = 'Spider machine 3.4'
|
|
|
|
SubclassedMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 0)
|
|
|
|
self.req.META['HTTP_USER_AGENT'] = 'My user agent'
|
|
|
|
SubclassedMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 1)
|
2013-01-02 05:28:48 +08:00
|
|
|
|
2015-08-24 02:54:15 +08:00
|
|
|
def test_referer_equal_to_requested_url(self):
|
|
|
|
"""
|
|
|
|
Some bots set the referer to the current URL to avoid being blocked by
|
|
|
|
an referer check (#25302).
|
|
|
|
"""
|
|
|
|
self.req.META['HTTP_REFERER'] = self.req.path
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 0)
|
2015-11-27 04:27:12 +08:00
|
|
|
|
2015-08-24 02:54:15 +08:00
|
|
|
# URL with scheme and domain should also be ignored
|
|
|
|
self.req.META['HTTP_REFERER'] = 'http://testserver%s' % self.req.path
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 0)
|
|
|
|
|
2015-11-27 04:27:12 +08:00
|
|
|
# URL with a different scheme should be ignored as well because bots
|
|
|
|
# tend to use http:// in referers even when browsing HTTPS websites.
|
|
|
|
self.req.META['HTTP_X_PROTO'] = 'https'
|
|
|
|
self.req.META['SERVER_PORT'] = 443
|
|
|
|
with self.settings(SECURE_PROXY_SSL_HEADER=('HTTP_X_PROTO', 'https')):
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 0)
|
|
|
|
|
2015-08-24 02:54:15 +08:00
|
|
|
def test_referer_equal_to_requested_url_on_another_domain(self):
|
|
|
|
self.req.META['HTTP_REFERER'] = 'http://anotherserver%s' % self.req.path
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
2016-01-22 03:23:51 +08:00
|
|
|
self.assertEqual(len(mail.outbox), 1)
|
|
|
|
|
|
|
|
@override_settings(APPEND_SLASH=True)
|
|
|
|
def test_referer_equal_to_requested_url_without_trailing_slash_when_append_slash_is_set(self):
|
|
|
|
self.req.path = self.req.path_info = '/regular_url/that/does/not/exist/'
|
|
|
|
self.req.META['HTTP_REFERER'] = self.req.path_info[:-1]
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(len(mail.outbox), 0)
|
|
|
|
|
|
|
|
@override_settings(APPEND_SLASH=False)
|
|
|
|
def test_referer_equal_to_requested_url_without_trailing_slash_when_append_slash_is_unset(self):
|
|
|
|
self.req.path = self.req.path_info = '/regular_url/that/does/not/exist/'
|
|
|
|
self.req.META['HTTP_REFERER'] = self.req.path_info[:-1]
|
|
|
|
BrokenLinkEmailsMiddleware().process_response(self.req, self.resp)
|
2015-08-24 02:54:15 +08:00
|
|
|
self.assertEqual(len(mail.outbox), 1)
|
|
|
|
|
2013-11-03 12:36:09 +08:00
|
|
|
|
2014-04-05 14:04:46 +08:00
|
|
|
@override_settings(ROOT_URLCONF='middleware.cond_get_urls')
|
2015-04-18 05:38:20 +08:00
|
|
|
class ConditionalGetMiddlewareTest(SimpleTestCase):
|
2013-10-22 18:21:07 +08:00
|
|
|
|
2011-03-01 22:28:06 +08:00
|
|
|
def setUp(self):
|
2014-12-28 04:15:16 +08:00
|
|
|
self.req = RequestFactory().get('/')
|
|
|
|
self.resp = self.client.get(self.req.path_info)
|
2011-03-01 22:28:06 +08:00
|
|
|
|
|
|
|
# Tests for the Date header
|
|
|
|
|
|
|
|
def test_date_header_added(self):
|
2014-10-28 18:02:56 +08:00
|
|
|
self.assertNotIn('Date', self.resp)
|
2011-03-01 22:28:06 +08:00
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2014-10-28 18:02:56 +08:00
|
|
|
self.assertIn('Date', self.resp)
|
2011-03-01 22:28:06 +08:00
|
|
|
|
|
|
|
# Tests for the Content-Length header
|
|
|
|
|
|
|
|
def test_content_length_header_added(self):
|
|
|
|
content_length = len(self.resp.content)
|
2014-10-28 18:02:56 +08:00
|
|
|
self.assertNotIn('Content-Length', self.resp)
|
2011-03-01 22:28:06 +08:00
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2014-10-28 18:02:56 +08:00
|
|
|
self.assertIn('Content-Length', self.resp)
|
2011-03-01 22:28:06 +08:00
|
|
|
self.assertEqual(int(self.resp['Content-Length']), content_length)
|
|
|
|
|
2012-10-20 23:40:14 +08:00
|
|
|
def test_content_length_header_not_added(self):
|
|
|
|
resp = StreamingHttpResponse('content')
|
2014-10-28 18:02:56 +08:00
|
|
|
self.assertNotIn('Content-Length', resp)
|
2012-10-20 23:40:14 +08:00
|
|
|
resp = ConditionalGetMiddleware().process_response(self.req, resp)
|
2014-10-28 18:02:56 +08:00
|
|
|
self.assertNotIn('Content-Length', resp)
|
2012-10-20 23:40:14 +08:00
|
|
|
|
2011-03-01 22:28:06 +08:00
|
|
|
def test_content_length_header_not_changed(self):
|
|
|
|
bad_content_length = len(self.resp.content) + 10
|
|
|
|
self.resp['Content-Length'] = bad_content_length
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(int(self.resp['Content-Length']), bad_content_length)
|
|
|
|
|
|
|
|
# Tests for the ETag header
|
|
|
|
|
|
|
|
def test_if_none_match_and_no_etag(self):
|
|
|
|
self.req.META['HTTP_IF_NONE_MATCH'] = 'spam'
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(self.resp.status_code, 200)
|
2011-03-01 22:28:06 +08:00
|
|
|
|
|
|
|
def test_no_if_none_match_and_etag(self):
|
|
|
|
self.resp['ETag'] = 'eggs'
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(self.resp.status_code, 200)
|
2011-03-01 22:28:06 +08:00
|
|
|
|
|
|
|
def test_if_none_match_and_same_etag(self):
|
|
|
|
self.req.META['HTTP_IF_NONE_MATCH'] = self.resp['ETag'] = 'spam'
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(self.resp.status_code, 304)
|
2011-03-01 22:28:06 +08:00
|
|
|
|
2016-01-05 15:09:10 +08:00
|
|
|
def test_if_none_match_and_same_etag_with_quotes(self):
|
|
|
|
self.req.META['HTTP_IF_NONE_MATCH'] = self.resp['ETag'] = '"spam"'
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(self.resp.status_code, 304)
|
|
|
|
|
2011-03-01 22:28:06 +08:00
|
|
|
def test_if_none_match_and_different_etag(self):
|
|
|
|
self.req.META['HTTP_IF_NONE_MATCH'] = 'spam'
|
|
|
|
self.resp['ETag'] = 'eggs'
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(self.resp.status_code, 200)
|
2011-03-01 22:28:06 +08:00
|
|
|
|
2014-04-15 07:44:05 +08:00
|
|
|
def test_if_none_match_and_redirect(self):
|
|
|
|
self.req.META['HTTP_IF_NONE_MATCH'] = self.resp['ETag'] = 'spam'
|
|
|
|
self.resp['Location'] = '/'
|
|
|
|
self.resp.status_code = 301
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(self.resp.status_code, 301)
|
|
|
|
|
|
|
|
def test_if_none_match_and_client_error(self):
|
|
|
|
self.req.META['HTTP_IF_NONE_MATCH'] = self.resp['ETag'] = 'spam'
|
|
|
|
self.resp.status_code = 400
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(self.resp.status_code, 400)
|
|
|
|
|
2011-03-01 22:28:06 +08:00
|
|
|
# Tests for the Last-Modified header
|
|
|
|
|
|
|
|
def test_if_modified_since_and_no_last_modified(self):
|
|
|
|
self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT'
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(self.resp.status_code, 200)
|
2011-03-01 22:28:06 +08:00
|
|
|
|
|
|
|
def test_no_if_modified_since_and_last_modified(self):
|
|
|
|
self.resp['Last-Modified'] = 'Sat, 12 Feb 2011 17:38:44 GMT'
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(self.resp.status_code, 200)
|
2011-03-01 22:28:06 +08:00
|
|
|
|
|
|
|
def test_if_modified_since_and_same_last_modified(self):
|
|
|
|
self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT'
|
|
|
|
self.resp['Last-Modified'] = 'Sat, 12 Feb 2011 17:38:44 GMT'
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(self.resp.status_code, 304)
|
2011-03-01 22:28:06 +08:00
|
|
|
|
|
|
|
def test_if_modified_since_and_last_modified_in_the_past(self):
|
|
|
|
self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT'
|
|
|
|
self.resp['Last-Modified'] = 'Sat, 12 Feb 2011 17:35:44 GMT'
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(self.resp.status_code, 304)
|
2011-03-01 22:28:06 +08:00
|
|
|
|
|
|
|
def test_if_modified_since_and_last_modified_in_the_future(self):
|
|
|
|
self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT'
|
|
|
|
self.resp['Last-Modified'] = 'Sat, 12 Feb 2011 17:41:44 GMT'
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
2011-03-03 23:04:39 +08:00
|
|
|
self.assertEqual(self.resp.status_code, 200)
|
2011-05-31 06:27:47 +08:00
|
|
|
|
2014-04-15 07:44:05 +08:00
|
|
|
def test_if_modified_since_and_redirect(self):
|
|
|
|
self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT'
|
|
|
|
self.resp['Last-Modified'] = 'Sat, 12 Feb 2011 17:35:44 GMT'
|
|
|
|
self.resp['Location'] = '/'
|
|
|
|
self.resp.status_code = 301
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(self.resp.status_code, 301)
|
|
|
|
|
|
|
|
def test_if_modified_since_and_client_error(self):
|
|
|
|
self.req.META['HTTP_IF_MODIFIED_SINCE'] = 'Sat, 12 Feb 2011 17:38:44 GMT'
|
|
|
|
self.resp['Last-Modified'] = 'Sat, 12 Feb 2011 17:35:44 GMT'
|
|
|
|
self.resp.status_code = 400
|
|
|
|
self.resp = ConditionalGetMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(self.resp.status_code, 400)
|
|
|
|
|
2011-05-31 06:27:47 +08:00
|
|
|
|
2015-04-18 05:38:20 +08:00
|
|
|
class XFrameOptionsMiddlewareTest(SimpleTestCase):
|
2011-05-31 06:27:47 +08:00
|
|
|
"""
|
|
|
|
Tests for the X-Frame-Options clickjacking prevention middleware.
|
|
|
|
"""
|
|
|
|
|
|
|
|
def test_same_origin(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
The X_FRAME_OPTIONS setting can be set to SAMEORIGIN to have the
|
|
|
|
middleware use that value for the HTTP header.
|
2011-05-31 06:27:47 +08:00
|
|
|
"""
|
2013-01-02 05:46:54 +08:00
|
|
|
with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):
|
2015-12-31 22:22:14 +08:00
|
|
|
r = XFrameOptionsMiddleware().process_response(HttpRequest(), HttpResponse())
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
|
2011-05-31 06:27:47 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
with override_settings(X_FRAME_OPTIONS='sameorigin'):
|
2015-12-31 22:22:14 +08:00
|
|
|
r = XFrameOptionsMiddleware().process_response(HttpRequest(), HttpResponse())
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
|
2011-05-31 06:27:47 +08:00
|
|
|
|
|
|
|
def test_deny(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
The X_FRAME_OPTIONS setting can be set to DENY to have the middleware
|
|
|
|
use that value for the HTTP header.
|
2011-05-31 06:27:47 +08:00
|
|
|
"""
|
2013-01-02 05:46:54 +08:00
|
|
|
with override_settings(X_FRAME_OPTIONS='DENY'):
|
2015-12-31 22:22:14 +08:00
|
|
|
r = XFrameOptionsMiddleware().process_response(HttpRequest(), HttpResponse())
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'DENY')
|
2011-05-31 06:27:47 +08:00
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
with override_settings(X_FRAME_OPTIONS='deny'):
|
2015-12-31 22:22:14 +08:00
|
|
|
r = XFrameOptionsMiddleware().process_response(HttpRequest(), HttpResponse())
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'DENY')
|
2011-05-31 06:27:47 +08:00
|
|
|
|
|
|
|
def test_defaults_sameorigin(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
If the X_FRAME_OPTIONS setting is not set then it defaults to
|
|
|
|
SAMEORIGIN.
|
2011-05-31 06:27:47 +08:00
|
|
|
"""
|
2013-01-02 05:46:54 +08:00
|
|
|
with override_settings(X_FRAME_OPTIONS=None):
|
|
|
|
del settings.X_FRAME_OPTIONS # restored by override_settings
|
2015-12-31 22:22:14 +08:00
|
|
|
r = XFrameOptionsMiddleware().process_response(HttpRequest(), HttpResponse())
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
|
2011-05-31 06:27:47 +08:00
|
|
|
|
|
|
|
def test_dont_set_if_set(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
If the X-Frame-Options header is already set then the middleware does
|
|
|
|
not attempt to override it.
|
2011-05-31 06:27:47 +08:00
|
|
|
"""
|
2013-01-02 05:46:54 +08:00
|
|
|
with override_settings(X_FRAME_OPTIONS='DENY'):
|
|
|
|
response = HttpResponse()
|
|
|
|
response['X-Frame-Options'] = 'SAMEORIGIN'
|
2015-12-31 22:22:14 +08:00
|
|
|
r = XFrameOptionsMiddleware().process_response(HttpRequest(), response)
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
|
|
|
|
|
|
|
|
with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):
|
|
|
|
response = HttpResponse()
|
|
|
|
response['X-Frame-Options'] = 'DENY'
|
2015-12-31 22:22:14 +08:00
|
|
|
r = XFrameOptionsMiddleware().process_response(HttpRequest(), response)
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'DENY')
|
2011-05-31 06:27:47 +08:00
|
|
|
|
|
|
|
def test_response_exempt(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
If the response has an xframe_options_exempt attribute set to False
|
|
|
|
then it still sets the header, but if it's set to True then it doesn't.
|
2011-05-31 06:27:47 +08:00
|
|
|
"""
|
2013-01-02 05:46:54 +08:00
|
|
|
with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):
|
|
|
|
response = HttpResponse()
|
|
|
|
response.xframe_options_exempt = False
|
2015-12-31 22:22:14 +08:00
|
|
|
r = XFrameOptionsMiddleware().process_response(HttpRequest(), response)
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
|
|
|
|
|
|
|
|
response = HttpResponse()
|
|
|
|
response.xframe_options_exempt = True
|
2015-12-31 22:22:14 +08:00
|
|
|
r = XFrameOptionsMiddleware().process_response(HttpRequest(), response)
|
|
|
|
self.assertIsNone(r.get('X-Frame-Options'))
|
2011-05-31 06:27:47 +08:00
|
|
|
|
|
|
|
def test_is_extendable(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
The XFrameOptionsMiddleware method that determines the X-Frame-Options
|
|
|
|
header value can be overridden based on something in the request or
|
|
|
|
response.
|
2011-05-31 06:27:47 +08:00
|
|
|
"""
|
|
|
|
class OtherXFrameOptionsMiddleware(XFrameOptionsMiddleware):
|
|
|
|
# This is just an example for testing purposes...
|
|
|
|
def get_xframe_options_value(self, request, response):
|
|
|
|
if getattr(request, 'sameorigin', False):
|
|
|
|
return 'SAMEORIGIN'
|
|
|
|
if getattr(response, 'sameorigin', False):
|
|
|
|
return 'SAMEORIGIN'
|
|
|
|
return 'DENY'
|
|
|
|
|
2013-01-02 05:46:54 +08:00
|
|
|
with override_settings(X_FRAME_OPTIONS='DENY'):
|
|
|
|
response = HttpResponse()
|
|
|
|
response.sameorigin = True
|
2015-12-31 22:22:14 +08:00
|
|
|
r = OtherXFrameOptionsMiddleware().process_response(HttpRequest(), response)
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
|
|
|
|
|
|
|
|
request = HttpRequest()
|
|
|
|
request.sameorigin = True
|
2015-12-31 22:22:14 +08:00
|
|
|
r = OtherXFrameOptionsMiddleware().process_response(request, HttpResponse())
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
|
|
|
|
|
|
|
|
with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):
|
2015-12-31 22:22:14 +08:00
|
|
|
r = OtherXFrameOptionsMiddleware().process_response(HttpRequest(), HttpResponse())
|
2013-01-02 05:46:54 +08:00
|
|
|
self.assertEqual(r['X-Frame-Options'], 'DENY')
|
2012-01-10 05:42:03 +08:00
|
|
|
|
|
|
|
|
2015-04-18 05:38:20 +08:00
|
|
|
class GZipMiddlewareTest(SimpleTestCase):
|
2012-01-10 05:42:03 +08:00
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
Tests the GZipMiddleware.
|
2012-01-10 05:42:03 +08:00
|
|
|
"""
|
2012-08-16 04:42:18 +08:00
|
|
|
short_string = b"This string is too short to be worth compressing."
|
|
|
|
compressible_string = b'a' * 500
|
2015-12-31 22:22:14 +08:00
|
|
|
incompressible_string = b''.join(six.int2byte(random.randint(0, 255)) for _ in range(500))
|
2012-10-20 23:40:14 +08:00
|
|
|
sequence = [b'a' * 500, b'b' * 200, b'a' * 300]
|
Fixed #24240 -- Allowed GZipping a Unicode StreamingHttpResponse
make_bytes() assumed that if the Content-Encoding header is set, then
everything had already been dealt with bytes-wise, but in a streaming
situation this was not necessarily the case.
make_bytes() is only called when necessary when working with a
StreamingHttpResponse iterable, but by that point the middleware has
added the Content-Encoding header and thus make_bytes() tried to call
bytes(value) (and dies). If it had been a normal HttpResponse,
make_bytes() would have been called when the content was set, well
before the middleware set the Content-Encoding header.
This commit removes the special casing when Content-Encoding is set,
allowing unicode strings to be encoded during the iteration before they
are e.g. gzipped. This behaviour was added a long time ago for #4969 and
it doesn't appear to be necessary any more, as everything is correctly
made into bytes at the appropriate places.
Two new tests, to show that supplying non-ASCII characters to a
StreamingHttpResponse works fine normally, and when passed through the
GZip middleware (the latter dies without the change to make_bytes()).
Removes the test with a nonsense Content-Encoding and Unicode input - if
this were to happen, it can still be encoded as bytes fine.
2015-01-29 05:43:23 +08:00
|
|
|
sequence_unicode = ['a' * 500, 'é' * 200, 'a' * 300]
|
2012-01-10 05:42:03 +08:00
|
|
|
|
|
|
|
def setUp(self):
|
2014-12-28 04:15:16 +08:00
|
|
|
self.req = RequestFactory().get('/')
|
2012-01-10 05:42:03 +08:00
|
|
|
self.req.META['HTTP_ACCEPT_ENCODING'] = 'gzip, deflate'
|
|
|
|
self.req.META['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1'
|
|
|
|
self.resp = HttpResponse()
|
|
|
|
self.resp.status_code = 200
|
|
|
|
self.resp.content = self.compressible_string
|
|
|
|
self.resp['Content-Type'] = 'text/html; charset=UTF-8'
|
2012-10-20 23:40:14 +08:00
|
|
|
self.stream_resp = StreamingHttpResponse(self.sequence)
|
|
|
|
self.stream_resp['Content-Type'] = 'text/html; charset=UTF-8'
|
Fixed #24240 -- Allowed GZipping a Unicode StreamingHttpResponse
make_bytes() assumed that if the Content-Encoding header is set, then
everything had already been dealt with bytes-wise, but in a streaming
situation this was not necessarily the case.
make_bytes() is only called when necessary when working with a
StreamingHttpResponse iterable, but by that point the middleware has
added the Content-Encoding header and thus make_bytes() tried to call
bytes(value) (and dies). If it had been a normal HttpResponse,
make_bytes() would have been called when the content was set, well
before the middleware set the Content-Encoding header.
This commit removes the special casing when Content-Encoding is set,
allowing unicode strings to be encoded during the iteration before they
are e.g. gzipped. This behaviour was added a long time ago for #4969 and
it doesn't appear to be necessary any more, as everything is correctly
made into bytes at the appropriate places.
Two new tests, to show that supplying non-ASCII characters to a
StreamingHttpResponse works fine normally, and when passed through the
GZip middleware (the latter dies without the change to make_bytes()).
Removes the test with a nonsense Content-Encoding and Unicode input - if
this were to happen, it can still be encoded as bytes fine.
2015-01-29 05:43:23 +08:00
|
|
|
self.stream_resp_unicode = StreamingHttpResponse(self.sequence_unicode)
|
|
|
|
self.stream_resp_unicode['Content-Type'] = 'text/html; charset=UTF-8'
|
2012-01-10 05:42:03 +08:00
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
def decompress(gzipped_string):
|
2015-07-02 05:37:10 +08:00
|
|
|
with gzip.GzipFile(mode='rb', fileobj=BytesIO(gzipped_string)) as f:
|
|
|
|
return f.read()
|
2012-01-10 05:42:03 +08:00
|
|
|
|
|
|
|
def test_compress_response(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
Compression is performed on responses with compressible content.
|
2012-01-10 05:42:03 +08:00
|
|
|
"""
|
|
|
|
r = GZipMiddleware().process_response(self.req, self.resp)
|
2012-08-16 04:42:18 +08:00
|
|
|
self.assertEqual(self.decompress(r.content), self.compressible_string)
|
2012-01-10 05:42:03 +08:00
|
|
|
self.assertEqual(r.get('Content-Encoding'), 'gzip')
|
|
|
|
self.assertEqual(r.get('Content-Length'), str(len(r.content)))
|
|
|
|
|
2012-10-20 23:40:14 +08:00
|
|
|
def test_compress_streaming_response(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
Compression is performed on responses with streaming content.
|
2012-10-20 23:40:14 +08:00
|
|
|
"""
|
|
|
|
r = GZipMiddleware().process_response(self.req, self.stream_resp)
|
|
|
|
self.assertEqual(self.decompress(b''.join(r)), b''.join(self.sequence))
|
|
|
|
self.assertEqual(r.get('Content-Encoding'), 'gzip')
|
|
|
|
self.assertFalse(r.has_header('Content-Length'))
|
|
|
|
|
Fixed #24240 -- Allowed GZipping a Unicode StreamingHttpResponse
make_bytes() assumed that if the Content-Encoding header is set, then
everything had already been dealt with bytes-wise, but in a streaming
situation this was not necessarily the case.
make_bytes() is only called when necessary when working with a
StreamingHttpResponse iterable, but by that point the middleware has
added the Content-Encoding header and thus make_bytes() tried to call
bytes(value) (and dies). If it had been a normal HttpResponse,
make_bytes() would have been called when the content was set, well
before the middleware set the Content-Encoding header.
This commit removes the special casing when Content-Encoding is set,
allowing unicode strings to be encoded during the iteration before they
are e.g. gzipped. This behaviour was added a long time ago for #4969 and
it doesn't appear to be necessary any more, as everything is correctly
made into bytes at the appropriate places.
Two new tests, to show that supplying non-ASCII characters to a
StreamingHttpResponse works fine normally, and when passed through the
GZip middleware (the latter dies without the change to make_bytes()).
Removes the test with a nonsense Content-Encoding and Unicode input - if
this were to happen, it can still be encoded as bytes fine.
2015-01-29 05:43:23 +08:00
|
|
|
def test_compress_streaming_response_unicode(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
Compression is performed on responses with streaming Unicode content.
|
Fixed #24240 -- Allowed GZipping a Unicode StreamingHttpResponse
make_bytes() assumed that if the Content-Encoding header is set, then
everything had already been dealt with bytes-wise, but in a streaming
situation this was not necessarily the case.
make_bytes() is only called when necessary when working with a
StreamingHttpResponse iterable, but by that point the middleware has
added the Content-Encoding header and thus make_bytes() tried to call
bytes(value) (and dies). If it had been a normal HttpResponse,
make_bytes() would have been called when the content was set, well
before the middleware set the Content-Encoding header.
This commit removes the special casing when Content-Encoding is set,
allowing unicode strings to be encoded during the iteration before they
are e.g. gzipped. This behaviour was added a long time ago for #4969 and
it doesn't appear to be necessary any more, as everything is correctly
made into bytes at the appropriate places.
Two new tests, to show that supplying non-ASCII characters to a
StreamingHttpResponse works fine normally, and when passed through the
GZip middleware (the latter dies without the change to make_bytes()).
Removes the test with a nonsense Content-Encoding and Unicode input - if
this were to happen, it can still be encoded as bytes fine.
2015-01-29 05:43:23 +08:00
|
|
|
"""
|
|
|
|
r = GZipMiddleware().process_response(self.req, self.stream_resp_unicode)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertEqual(
|
|
|
|
self.decompress(b''.join(r)),
|
|
|
|
b''.join(x.encode('utf-8') for x in self.sequence_unicode)
|
|
|
|
)
|
Fixed #24240 -- Allowed GZipping a Unicode StreamingHttpResponse
make_bytes() assumed that if the Content-Encoding header is set, then
everything had already been dealt with bytes-wise, but in a streaming
situation this was not necessarily the case.
make_bytes() is only called when necessary when working with a
StreamingHttpResponse iterable, but by that point the middleware has
added the Content-Encoding header and thus make_bytes() tried to call
bytes(value) (and dies). If it had been a normal HttpResponse,
make_bytes() would have been called when the content was set, well
before the middleware set the Content-Encoding header.
This commit removes the special casing when Content-Encoding is set,
allowing unicode strings to be encoded during the iteration before they
are e.g. gzipped. This behaviour was added a long time ago for #4969 and
it doesn't appear to be necessary any more, as everything is correctly
made into bytes at the appropriate places.
Two new tests, to show that supplying non-ASCII characters to a
StreamingHttpResponse works fine normally, and when passed through the
GZip middleware (the latter dies without the change to make_bytes()).
Removes the test with a nonsense Content-Encoding and Unicode input - if
this were to happen, it can still be encoded as bytes fine.
2015-01-29 05:43:23 +08:00
|
|
|
self.assertEqual(r.get('Content-Encoding'), 'gzip')
|
|
|
|
self.assertFalse(r.has_header('Content-Length'))
|
|
|
|
|
2015-01-04 01:06:24 +08:00
|
|
|
def test_compress_file_response(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
Compression is performed on FileResponse.
|
2015-01-04 01:06:24 +08:00
|
|
|
"""
|
2016-01-24 00:47:07 +08:00
|
|
|
with open(__file__, 'rb') as file1:
|
2015-01-04 01:06:24 +08:00
|
|
|
file_resp = FileResponse(file1)
|
|
|
|
file_resp['Content-Type'] = 'text/html; charset=UTF-8'
|
|
|
|
r = GZipMiddleware().process_response(self.req, file_resp)
|
2016-01-24 00:47:07 +08:00
|
|
|
with open(__file__, 'rb') as file2:
|
2015-01-04 01:06:24 +08:00
|
|
|
self.assertEqual(self.decompress(b''.join(r)), file2.read())
|
|
|
|
self.assertEqual(r.get('Content-Encoding'), 'gzip')
|
|
|
|
self.assertIsNot(r.file_to_stream, file1)
|
|
|
|
|
2012-01-10 05:42:03 +08:00
|
|
|
def test_compress_non_200_response(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
Compression is performed on responses with a status other than 200
|
|
|
|
(#10762).
|
2012-01-10 05:42:03 +08:00
|
|
|
"""
|
|
|
|
self.resp.status_code = 404
|
|
|
|
r = GZipMiddleware().process_response(self.req, self.resp)
|
2012-08-16 04:42:18 +08:00
|
|
|
self.assertEqual(self.decompress(r.content), self.compressible_string)
|
2012-01-10 05:42:03 +08:00
|
|
|
self.assertEqual(r.get('Content-Encoding'), 'gzip')
|
|
|
|
|
|
|
|
def test_no_compress_short_response(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
Compression isn't performed on responses with short content.
|
2012-01-10 05:42:03 +08:00
|
|
|
"""
|
|
|
|
self.resp.content = self.short_string
|
|
|
|
r = GZipMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(r.content, self.short_string)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertIsNone(r.get('Content-Encoding'))
|
2012-01-10 05:42:03 +08:00
|
|
|
|
|
|
|
def test_no_compress_compressed_response(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
Compression isn't performed on responses that are already compressed.
|
2012-01-10 05:42:03 +08:00
|
|
|
"""
|
|
|
|
self.resp['Content-Encoding'] = 'deflate'
|
|
|
|
r = GZipMiddleware().process_response(self.req, self.resp)
|
|
|
|
self.assertEqual(r.content, self.compressible_string)
|
|
|
|
self.assertEqual(r.get('Content-Encoding'), 'deflate')
|
|
|
|
|
2015-12-31 22:22:14 +08:00
|
|
|
def test_no_compress_incompressible_response(self):
|
2012-01-10 05:42:03 +08:00
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
Compression isn't performed on responses with incompressible content.
|
2012-01-10 05:42:03 +08:00
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
self.resp.content = self.incompressible_string
|
2012-01-10 05:42:03 +08:00
|
|
|
r = GZipMiddleware().process_response(self.req, self.resp)
|
2015-12-31 22:22:14 +08:00
|
|
|
self.assertEqual(r.content, self.incompressible_string)
|
|
|
|
self.assertIsNone(r.get('Content-Encoding'))
|
2012-02-10 02:57:13 +08:00
|
|
|
|
|
|
|
|
2012-03-30 17:08:29 +08:00
|
|
|
@override_settings(USE_ETAGS=True)
|
2015-04-18 05:38:20 +08:00
|
|
|
class ETagGZipMiddlewareTest(SimpleTestCase):
|
2012-02-10 02:57:13 +08:00
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
Tests if the ETagMiddleware behaves correctly with GZipMiddleware.
|
2012-02-10 02:57:13 +08:00
|
|
|
"""
|
2014-12-28 04:15:16 +08:00
|
|
|
rf = RequestFactory()
|
2012-08-16 04:42:18 +08:00
|
|
|
compressible_string = b'a' * 500
|
2012-02-10 02:57:13 +08:00
|
|
|
|
|
|
|
def test_compress_response(self):
|
|
|
|
"""
|
2015-12-31 22:22:14 +08:00
|
|
|
ETag is changed after gzip compression is performed.
|
2012-02-10 02:57:13 +08:00
|
|
|
"""
|
|
|
|
request = self.rf.get('/', HTTP_ACCEPT_ENCODING='gzip, deflate')
|
2016-04-08 10:04:45 +08:00
|
|
|
response = GZipMiddleware().process_response(
|
|
|
|
request,
|
|
|
|
CommonMiddleware().process_response(request, HttpResponse(self.compressible_string))
|
|
|
|
)
|
2012-02-10 02:57:13 +08:00
|
|
|
gzip_etag = response.get('ETag')
|
|
|
|
|
|
|
|
request = self.rf.get('/', HTTP_ACCEPT_ENCODING='')
|
2016-04-08 10:04:45 +08:00
|
|
|
response = GZipMiddleware().process_response(
|
|
|
|
request,
|
|
|
|
CommonMiddleware().process_response(request, HttpResponse(self.compressible_string))
|
|
|
|
)
|
2012-02-10 02:57:13 +08:00
|
|
|
nogzip_etag = response.get('ETag')
|
|
|
|
|
|
|
|
self.assertNotEqual(gzip_etag, nogzip_etag)
|