Modernized middleware tests.

* Used override_settings consistently -- changes to DEBUG could leak.
* Took advantage of assertRaisesRegexp.
* Fixed indentation -- some code was indented at 2 spaces.
This commit is contained in:
Aymeric Augustin 2013-01-01 22:46:54 +01:00
parent 884f77bd15
commit feb41c3246
1 changed files with 161 additions and 198 deletions

View File

@ -20,17 +20,6 @@ from django.utils.six.moves import xrange
class CommonMiddlewareTest(TestCase): class CommonMiddlewareTest(TestCase):
def setUp(self):
self.append_slash = settings.APPEND_SLASH
self.prepend_www = settings.PREPEND_WWW
self.ignorable_404_urls = settings.IGNORABLE_404_URLS
self.send_broken_email_links = settings.SEND_BROKEN_LINK_EMAILS
def tearDown(self):
settings.APPEND_SLASH = self.append_slash
settings.PREPEND_WWW = self.prepend_www
settings.IGNORABLE_404_URLS = self.ignorable_404_urls
settings.SEND_BROKEN_LINK_EMAILS = self.send_broken_email_links
def _get_request(self, path): def _get_request(self, path):
request = HttpRequest() request = HttpRequest()
@ -41,74 +30,66 @@ class CommonMiddlewareTest(TestCase):
request.path = request.path_info = "/middleware/%s" % path request.path = request.path_info = "/middleware/%s" % path
return request return request
@override_settings(APPEND_SLASH=True)
def test_append_slash_have_slash(self): def test_append_slash_have_slash(self):
""" """
Tests that URLs with slashes go unmolested. Tests that URLs with slashes go unmolested.
""" """
settings.APPEND_SLASH = True
request = self._get_request('slash/') request = self._get_request('slash/')
self.assertEqual(CommonMiddleware().process_request(request), None) self.assertEqual(CommonMiddleware().process_request(request), None)
@override_settings(APPEND_SLASH=True)
def test_append_slash_slashless_resource(self): def test_append_slash_slashless_resource(self):
""" """
Tests that matches to explicit slashless URLs go unmolested. Tests that matches to explicit slashless URLs go unmolested.
""" """
settings.APPEND_SLASH = True
request = self._get_request('noslash') request = self._get_request('noslash')
self.assertEqual(CommonMiddleware().process_request(request), None) self.assertEqual(CommonMiddleware().process_request(request), None)
@override_settings(APPEND_SLASH=True)
def test_append_slash_slashless_unknown(self): def test_append_slash_slashless_unknown(self):
""" """
Tests that APPEND_SLASH doesn't redirect to unknown resources. Tests that APPEND_SLASH doesn't redirect to unknown resources.
""" """
settings.APPEND_SLASH = True
request = self._get_request('unknown') request = self._get_request('unknown')
self.assertEqual(CommonMiddleware().process_request(request), None) self.assertEqual(CommonMiddleware().process_request(request), None)
@override_settings(APPEND_SLASH=True)
def test_append_slash_redirect(self): def test_append_slash_redirect(self):
""" """
Tests that APPEND_SLASH redirects slashless URLs to a valid pattern. Tests that APPEND_SLASH redirects slashless URLs to a valid pattern.
""" """
settings.APPEND_SLASH = True
request = self._get_request('slash') request = self._get_request('slash')
r = CommonMiddleware().process_request(request) r = CommonMiddleware().process_request(request)
self.assertEqual(r.status_code, 301) self.assertEqual(r.status_code, 301)
self.assertEqual(r['Location'], 'http://testserver/middleware/slash/') self.assertEqual(r['Location'], 'http://testserver/middleware/slash/')
@override_settings(APPEND_SLASH=True, DEBUG=True)
def test_append_slash_no_redirect_on_POST_in_DEBUG(self): def test_append_slash_no_redirect_on_POST_in_DEBUG(self):
""" """
Tests that while in debug mode, an exception is raised with a warning Tests that while in debug mode, an exception is raised with a warning
when a failed attempt is made to POST to an URL which would normally be when a failed attempt is made to POST to an URL which would normally be
redirected to a slashed version. redirected to a slashed version.
""" """
settings.APPEND_SLASH = True
settings.DEBUG = True
request = self._get_request('slash') request = self._get_request('slash')
request.method = 'POST' request.method = 'POST'
self.assertRaises( with six.assertRaisesRegex(self, RuntimeError, 'end in a slash'):
RuntimeError,
CommonMiddleware().process_request,
request)
try:
CommonMiddleware().process_request(request) CommonMiddleware().process_request(request)
except RuntimeError as e:
self.assertTrue('end in a slash' in str(e))
settings.DEBUG = False
@override_settings(APPEND_SLASH=False)
def test_append_slash_disabled(self): def test_append_slash_disabled(self):
""" """
Tests disabling append slash functionality. Tests disabling append slash functionality.
""" """
settings.APPEND_SLASH = False
request = self._get_request('slash') request = self._get_request('slash')
self.assertEqual(CommonMiddleware().process_request(request), None) self.assertEqual(CommonMiddleware().process_request(request), None)
@override_settings(APPEND_SLASH=True)
def test_append_slash_quoted(self): def test_append_slash_quoted(self):
""" """
Tests that URLs which require quoting are redirected to their slash Tests that URLs which require quoting are redirected to their slash
version ok. version ok.
""" """
settings.APPEND_SLASH = True
request = self._get_request('needsquoting#') request = self._get_request('needsquoting#')
r = CommonMiddleware().process_request(request) r = CommonMiddleware().process_request(request)
self.assertEqual(r.status_code, 301) self.assertEqual(r.status_code, 301)
@ -116,9 +97,8 @@ class CommonMiddlewareTest(TestCase):
r['Location'], r['Location'],
'http://testserver/middleware/needsquoting%23/') 'http://testserver/middleware/needsquoting%23/')
@override_settings(APPEND_SLASH=False, PREPEND_WWW=True)
def test_prepend_www(self): def test_prepend_www(self):
settings.PREPEND_WWW = True
settings.APPEND_SLASH = False
request = self._get_request('path/') request = self._get_request('path/')
r = CommonMiddleware().process_request(request) r = CommonMiddleware().process_request(request)
self.assertEqual(r.status_code, 301) self.assertEqual(r.status_code, 301)
@ -126,18 +106,16 @@ class CommonMiddlewareTest(TestCase):
r['Location'], r['Location'],
'http://www.testserver/middleware/path/') 'http://www.testserver/middleware/path/')
@override_settings(APPEND_SLASH=True, PREPEND_WWW=True)
def test_prepend_www_append_slash_have_slash(self): def test_prepend_www_append_slash_have_slash(self):
settings.PREPEND_WWW = True
settings.APPEND_SLASH = True
request = self._get_request('slash/') request = self._get_request('slash/')
r = CommonMiddleware().process_request(request) r = CommonMiddleware().process_request(request)
self.assertEqual(r.status_code, 301) self.assertEqual(r.status_code, 301)
self.assertEqual(r['Location'], self.assertEqual(r['Location'],
'http://www.testserver/middleware/slash/') 'http://www.testserver/middleware/slash/')
@override_settings(APPEND_SLASH=True, PREPEND_WWW=True)
def test_prepend_www_append_slash_slashless(self): def test_prepend_www_append_slash_slashless(self):
settings.PREPEND_WWW = True
settings.APPEND_SLASH = True
request = self._get_request('slash') request = self._get_request('slash')
r = CommonMiddleware().process_request(request) r = CommonMiddleware().process_request(request)
self.assertEqual(r.status_code, 301) self.assertEqual(r.status_code, 301)
@ -148,38 +126,38 @@ class CommonMiddlewareTest(TestCase):
# The following tests examine expected behavior given a custom urlconf that # The following tests examine expected behavior given a custom urlconf that
# overrides the default one through the request object. # overrides the default one through the request object.
@override_settings(APPEND_SLASH=True)
def test_append_slash_have_slash_custom_urlconf(self): def test_append_slash_have_slash_custom_urlconf(self):
""" """
Tests that URLs with slashes go unmolested. Tests that URLs with slashes go unmolested.
""" """
settings.APPEND_SLASH = True
request = self._get_request('customurlconf/slash/') request = self._get_request('customurlconf/slash/')
request.urlconf = 'regressiontests.middleware.extra_urls' request.urlconf = 'regressiontests.middleware.extra_urls'
self.assertEqual(CommonMiddleware().process_request(request), None) self.assertEqual(CommonMiddleware().process_request(request), None)
@override_settings(APPEND_SLASH=True)
def test_append_slash_slashless_resource_custom_urlconf(self): def test_append_slash_slashless_resource_custom_urlconf(self):
""" """
Tests that matches to explicit slashless URLs go unmolested. Tests that matches to explicit slashless URLs go unmolested.
""" """
settings.APPEND_SLASH = True
request = self._get_request('customurlconf/noslash') request = self._get_request('customurlconf/noslash')
request.urlconf = 'regressiontests.middleware.extra_urls' request.urlconf = 'regressiontests.middleware.extra_urls'
self.assertEqual(CommonMiddleware().process_request(request), None) self.assertEqual(CommonMiddleware().process_request(request), None)
@override_settings(APPEND_SLASH=True)
def test_append_slash_slashless_unknown_custom_urlconf(self): def test_append_slash_slashless_unknown_custom_urlconf(self):
""" """
Tests that APPEND_SLASH doesn't redirect to unknown resources. Tests that APPEND_SLASH doesn't redirect to unknown resources.
""" """
settings.APPEND_SLASH = True
request = self._get_request('customurlconf/unknown') request = self._get_request('customurlconf/unknown')
request.urlconf = 'regressiontests.middleware.extra_urls' request.urlconf = 'regressiontests.middleware.extra_urls'
self.assertEqual(CommonMiddleware().process_request(request), None) self.assertEqual(CommonMiddleware().process_request(request), None)
@override_settings(APPEND_SLASH=True)
def test_append_slash_redirect_custom_urlconf(self): def test_append_slash_redirect_custom_urlconf(self):
""" """
Tests that APPEND_SLASH redirects slashless URLs to a valid pattern. Tests that APPEND_SLASH redirects slashless URLs to a valid pattern.
""" """
settings.APPEND_SLASH = True
request = self._get_request('customurlconf/slash') request = self._get_request('customurlconf/slash')
request.urlconf = 'regressiontests.middleware.extra_urls' request.urlconf = 'regressiontests.middleware.extra_urls'
r = CommonMiddleware().process_request(request) r = CommonMiddleware().process_request(request)
@ -188,42 +166,34 @@ class CommonMiddlewareTest(TestCase):
self.assertEqual(r.status_code, 301) self.assertEqual(r.status_code, 301)
self.assertEqual(r['Location'], 'http://testserver/middleware/customurlconf/slash/') self.assertEqual(r['Location'], 'http://testserver/middleware/customurlconf/slash/')
@override_settings(APPEND_SLASH=True, DEBUG=True)
def test_append_slash_no_redirect_on_POST_in_DEBUG_custom_urlconf(self): def test_append_slash_no_redirect_on_POST_in_DEBUG_custom_urlconf(self):
""" """
Tests that while in debug mode, an exception is raised with a warning Tests that while in debug mode, an exception is raised with a warning
when a failed attempt is made to POST to an URL which would normally be when a failed attempt is made to POST to an URL which would normally be
redirected to a slashed version. redirected to a slashed version.
""" """
settings.APPEND_SLASH = True
settings.DEBUG = True
request = self._get_request('customurlconf/slash') request = self._get_request('customurlconf/slash')
request.urlconf = 'regressiontests.middleware.extra_urls' request.urlconf = 'regressiontests.middleware.extra_urls'
request.method = 'POST' request.method = 'POST'
self.assertRaises( with six.assertRaisesRegex(self, RuntimeError, 'end in a slash'):
RuntimeError,
CommonMiddleware().process_request,
request)
try:
CommonMiddleware().process_request(request) CommonMiddleware().process_request(request)
except RuntimeError as e:
self.assertTrue('end in a slash' in str(e))
settings.DEBUG = False
@override_settings(APPEND_SLASH=False)
def test_append_slash_disabled_custom_urlconf(self): def test_append_slash_disabled_custom_urlconf(self):
""" """
Tests disabling append slash functionality. Tests disabling append slash functionality.
""" """
settings.APPEND_SLASH = False
request = self._get_request('customurlconf/slash') request = self._get_request('customurlconf/slash')
request.urlconf = 'regressiontests.middleware.extra_urls' request.urlconf = 'regressiontests.middleware.extra_urls'
self.assertEqual(CommonMiddleware().process_request(request), None) self.assertEqual(CommonMiddleware().process_request(request), None)
@override_settings(APPEND_SLASH=True)
def test_append_slash_quoted_custom_urlconf(self): def test_append_slash_quoted_custom_urlconf(self):
""" """
Tests that URLs which require quoting are redirected to their slash Tests that URLs which require quoting are redirected to their slash
version ok. version ok.
""" """
settings.APPEND_SLASH = True
request = self._get_request('customurlconf/needsquoting#') request = self._get_request('customurlconf/needsquoting#')
request.urlconf = 'regressiontests.middleware.extra_urls' request.urlconf = 'regressiontests.middleware.extra_urls'
r = CommonMiddleware().process_request(request) r = CommonMiddleware().process_request(request)
@ -234,9 +204,8 @@ class CommonMiddlewareTest(TestCase):
r['Location'], r['Location'],
'http://testserver/middleware/customurlconf/needsquoting%23/') 'http://testserver/middleware/customurlconf/needsquoting%23/')
@override_settings(APPEND_SLASH=False, PREPEND_WWW=True)
def test_prepend_www_custom_urlconf(self): def test_prepend_www_custom_urlconf(self):
settings.PREPEND_WWW = True
settings.APPEND_SLASH = False
request = self._get_request('customurlconf/path/') request = self._get_request('customurlconf/path/')
request.urlconf = 'regressiontests.middleware.extra_urls' request.urlconf = 'regressiontests.middleware.extra_urls'
r = CommonMiddleware().process_request(request) r = CommonMiddleware().process_request(request)
@ -245,9 +214,8 @@ class CommonMiddlewareTest(TestCase):
r['Location'], r['Location'],
'http://www.testserver/middleware/customurlconf/path/') 'http://www.testserver/middleware/customurlconf/path/')
@override_settings(APPEND_SLASH=True, PREPEND_WWW=True)
def test_prepend_www_append_slash_have_slash_custom_urlconf(self): def test_prepend_www_append_slash_have_slash_custom_urlconf(self):
settings.PREPEND_WWW = True
settings.APPEND_SLASH = True
request = self._get_request('customurlconf/slash/') request = self._get_request('customurlconf/slash/')
request.urlconf = 'regressiontests.middleware.extra_urls' request.urlconf = 'regressiontests.middleware.extra_urls'
r = CommonMiddleware().process_request(request) r = CommonMiddleware().process_request(request)
@ -255,9 +223,8 @@ class CommonMiddlewareTest(TestCase):
self.assertEqual(r['Location'], self.assertEqual(r['Location'],
'http://www.testserver/middleware/customurlconf/slash/') 'http://www.testserver/middleware/customurlconf/slash/')
@override_settings(APPEND_SLASH=True, PREPEND_WWW=True)
def test_prepend_www_append_slash_slashless_custom_urlconf(self): def test_prepend_www_append_slash_slashless_custom_urlconf(self):
settings.PREPEND_WWW = True
settings.APPEND_SLASH = True
request = self._get_request('customurlconf/slash') request = self._get_request('customurlconf/slash')
request.urlconf = 'regressiontests.middleware.extra_urls' request.urlconf = 'regressiontests.middleware.extra_urls'
r = CommonMiddleware().process_request(request) r = CommonMiddleware().process_request(request)
@ -267,9 +234,9 @@ class CommonMiddlewareTest(TestCase):
# Tests for the 404 error reporting via email # Tests for the 404 error reporting via email
@override_settings(IGNORABLE_404_URLS=(re.compile(r'foo'),),
SEND_BROKEN_LINK_EMAILS = True)
def test_404_error_reporting(self): def test_404_error_reporting(self):
settings.IGNORABLE_404_URLS = (re.compile(r'foo'),)
settings.SEND_BROKEN_LINK_EMAILS = True
request = self._get_request('regular_url/that/does/not/exist') request = self._get_request('regular_url/that/does/not/exist')
request.META['HTTP_REFERER'] = '/another/url/' request.META['HTTP_REFERER'] = '/another/url/'
response = self.client.get(request.path) response = self.client.get(request.path)
@ -277,17 +244,17 @@ class CommonMiddlewareTest(TestCase):
self.assertEqual(len(mail.outbox), 1) self.assertEqual(len(mail.outbox), 1)
self.assertIn('Broken', mail.outbox[0].subject) self.assertIn('Broken', mail.outbox[0].subject)
@override_settings(IGNORABLE_404_URLS=(re.compile(r'foo'),),
SEND_BROKEN_LINK_EMAILS = True)
def test_404_error_reporting_no_referer(self): def test_404_error_reporting_no_referer(self):
settings.IGNORABLE_404_URLS = (re.compile(r'foo'),)
settings.SEND_BROKEN_LINK_EMAILS = True
request = self._get_request('regular_url/that/does/not/exist') request = self._get_request('regular_url/that/does/not/exist')
response = self.client.get(request.path) response = self.client.get(request.path)
CommonMiddleware().process_response(request, response) CommonMiddleware().process_response(request, response)
self.assertEqual(len(mail.outbox), 0) self.assertEqual(len(mail.outbox), 0)
@override_settings(IGNORABLE_404_URLS=(re.compile(r'foo'),),
SEND_BROKEN_LINK_EMAILS = True)
def test_404_error_reporting_ignored_url(self): def test_404_error_reporting_ignored_url(self):
settings.IGNORABLE_404_URLS = (re.compile(r'foo'),)
settings.SEND_BROKEN_LINK_EMAILS = True
request = self._get_request('foo_url/that/does/not/exist/either') request = self._get_request('foo_url/that/does/not/exist/either')
request.META['HTTP_REFERER'] = '/another/url/' request.META['HTTP_REFERER'] = '/another/url/'
response = self.client.get(request.path) response = self.client.get(request.path)
@ -424,23 +391,18 @@ class XFrameOptionsMiddlewareTest(TestCase):
""" """
Tests for the X-Frame-Options clickjacking prevention middleware. Tests for the X-Frame-Options clickjacking prevention middleware.
""" """
def setUp(self):
self.x_frame_options = settings.X_FRAME_OPTIONS
def tearDown(self):
settings.X_FRAME_OPTIONS = self.x_frame_options
def test_same_origin(self): def test_same_origin(self):
""" """
Tests that the X_FRAME_OPTIONS setting can be set to SAMEORIGIN to Tests that the X_FRAME_OPTIONS setting can be set to SAMEORIGIN to
have the middleware use that value for the HTTP header. have the middleware use that value for the HTTP header.
""" """
settings.X_FRAME_OPTIONS = 'SAMEORIGIN' with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):
r = XFrameOptionsMiddleware().process_response(HttpRequest(), r = XFrameOptionsMiddleware().process_response(HttpRequest(),
HttpResponse()) HttpResponse())
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
settings.X_FRAME_OPTIONS = 'sameorigin' with override_settings(X_FRAME_OPTIONS='sameorigin'):
r = XFrameOptionsMiddleware().process_response(HttpRequest(), r = XFrameOptionsMiddleware().process_response(HttpRequest(),
HttpResponse()) HttpResponse())
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
@ -450,12 +412,12 @@ class XFrameOptionsMiddlewareTest(TestCase):
Tests that the X_FRAME_OPTIONS setting can be set to DENY to Tests that the X_FRAME_OPTIONS setting can be set to DENY to
have the middleware use that value for the HTTP header. have the middleware use that value for the HTTP header.
""" """
settings.X_FRAME_OPTIONS = 'DENY' with override_settings(X_FRAME_OPTIONS='DENY'):
r = XFrameOptionsMiddleware().process_response(HttpRequest(), r = XFrameOptionsMiddleware().process_response(HttpRequest(),
HttpResponse()) HttpResponse())
self.assertEqual(r['X-Frame-Options'], 'DENY') self.assertEqual(r['X-Frame-Options'], 'DENY')
settings.X_FRAME_OPTIONS = 'deny' with override_settings(X_FRAME_OPTIONS='deny'):
r = XFrameOptionsMiddleware().process_response(HttpRequest(), r = XFrameOptionsMiddleware().process_response(HttpRequest(),
HttpResponse()) HttpResponse())
self.assertEqual(r['X-Frame-Options'], 'DENY') self.assertEqual(r['X-Frame-Options'], 'DENY')
@ -465,7 +427,8 @@ class XFrameOptionsMiddlewareTest(TestCase):
Tests that if the X_FRAME_OPTIONS setting is not set then it defaults Tests that if the X_FRAME_OPTIONS setting is not set then it defaults
to SAMEORIGIN. to SAMEORIGIN.
""" """
del settings.X_FRAME_OPTIONS with override_settings(X_FRAME_OPTIONS=None):
del settings.X_FRAME_OPTIONS # restored by override_settings
r = XFrameOptionsMiddleware().process_response(HttpRequest(), r = XFrameOptionsMiddleware().process_response(HttpRequest(),
HttpResponse()) HttpResponse())
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
@ -475,14 +438,14 @@ class XFrameOptionsMiddlewareTest(TestCase):
Tests that if the X-Frame-Options header is already set then the Tests that if the X-Frame-Options header is already set then the
middleware does not attempt to override it. middleware does not attempt to override it.
""" """
settings.X_FRAME_OPTIONS = 'DENY' with override_settings(X_FRAME_OPTIONS='DENY'):
response = HttpResponse() response = HttpResponse()
response['X-Frame-Options'] = 'SAMEORIGIN' response['X-Frame-Options'] = 'SAMEORIGIN'
r = XFrameOptionsMiddleware().process_response(HttpRequest(), r = XFrameOptionsMiddleware().process_response(HttpRequest(),
response) response)
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
settings.X_FRAME_OPTIONS = 'SAMEORIGIN' with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):
response = HttpResponse() response = HttpResponse()
response['X-Frame-Options'] = 'DENY' response['X-Frame-Options'] = 'DENY'
r = XFrameOptionsMiddleware().process_response(HttpRequest(), r = XFrameOptionsMiddleware().process_response(HttpRequest(),
@ -495,7 +458,7 @@ class XFrameOptionsMiddlewareTest(TestCase):
to False then it still sets the header, but if it's set to True then to False then it still sets the header, but if it's set to True then
it does not. it does not.
""" """
settings.X_FRAME_OPTIONS = 'SAMEORIGIN' with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):
response = HttpResponse() response = HttpResponse()
response.xframe_options_exempt = False response.xframe_options_exempt = False
r = XFrameOptionsMiddleware().process_response(HttpRequest(), r = XFrameOptionsMiddleware().process_response(HttpRequest(),
@ -523,7 +486,7 @@ class XFrameOptionsMiddlewareTest(TestCase):
return 'SAMEORIGIN' return 'SAMEORIGIN'
return 'DENY' return 'DENY'
settings.X_FRAME_OPTIONS = 'DENY' with override_settings(X_FRAME_OPTIONS='DENY'):
response = HttpResponse() response = HttpResponse()
response.sameorigin = True response.sameorigin = True
r = OtherXFrameOptionsMiddleware().process_response(HttpRequest(), r = OtherXFrameOptionsMiddleware().process_response(HttpRequest(),
@ -536,7 +499,7 @@ class XFrameOptionsMiddlewareTest(TestCase):
HttpResponse()) HttpResponse())
self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN') self.assertEqual(r['X-Frame-Options'], 'SAMEORIGIN')
settings.X_FRAME_OPTIONS = 'SAMEORIGIN' with override_settings(X_FRAME_OPTIONS='SAMEORIGIN'):
r = OtherXFrameOptionsMiddleware().process_response(HttpRequest(), r = OtherXFrameOptionsMiddleware().process_response(HttpRequest(),
HttpResponse()) HttpResponse())
self.assertEqual(r['X-Frame-Options'], 'DENY') self.assertEqual(r['X-Frame-Options'], 'DENY')