8000 Fixed #6346 -- Set xframe options exempt on cached response by 0mk1 · Pull Request #6368 · django-cms/django-cms · GitHub
[go: up one dir, main page]
Skip to content

Fixed #6346 -- Set xframe options exempt on cached response #6368

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Jun 4, 2018
Merged

Fixed #6346 -- Set xframe options exempt on cached response #6368

Changes from 1 commit
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
de2dfd8
Fix issue #6346
May 14, 2018
301cd5e
Add CHANGELOG and AUTHORS entries
May 14, 2018
5011142
Fix after code review
May 29, 2018
ecc9d0c
Moved test
czpython May 30, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Moved test
  • Loading branch information
@czpython
czpython authored May 30, 2018
commit ecc9d0c3a385bb691bb51697c73d095850480489
67 changes: 34 additions & 33 deletions cms/tests/test_page.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1013,6 +1013,40 @@ def test_top_level_page_inherited_xframe_options_are_applied(self):
resp = self.client.get(page.get_absolute_url('en'))
self.assertEqual(resp.get('X-Frame-Options'), 'SAMEORIGIN')

def test_xframe_options_with_cms_page_cache_and_clickjacking_middleware(self):
# Refs: 6346
if getattr(settings, 'MIDDLEWARE', None):
override = {
'MIDDLEWARE': settings.MIDDLEWARE + [
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
}
else:
override = {
'MIDDLEWARE_CLASSES': settings.MIDDLEWARE_CLASSES + [
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
}

override['CMS_PAGE_CACHE'] = True

with self.settings(**override):
page = create_page(
'test page 1',
'nav_playground.html',
'en',
published=True,
xframe_options=Page.X_FRAME_OPTIONS_ALLOW,
)

# Normal response from render_page
resp = self.client.get(page.get_absolute_url('en'))
self.assertEqual(resp.get('X-Frame-Options'), None)

# Response from page cache
resp = self.client.get(page.get_absolute_url('en'))
self.assertEqual(resp.get('X-Frame-Options'), None)

def test_page_used_on_request(self):
"""
The rendered page changes depending on request and
Expand Down Expand Up @@ -1180,36 +1214,3 @@ def test_move_node(self):

self.assertEqual(child.get_absolute_url(language='en'), '/en/parent/child/')
self.assertEqual(child.publisher_public.get_absolute_url(language='en'), '/en/parent/child/')

def test_xframe_options_with_cms_page_cache_and_clickjacking_middleware(self):
if getattr(settings, 'MIDDLEWARE', None):
override = {
'MIDDLEWARE': settings.MIDDLEWARE + [
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
}
else:
override = {
'MIDDLEWARE_CLASSES': settings.MIDDLEWARE_CLASSES + [
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
}

override['CMS_PAGE_CACHE'] = True

with self.settings(**override):
page = create_page(
'test page 1',
'nav_playground.html',
'en',
published=True,
xframe_options=Page.X_FRAME_OPTIONS_ALLOW,
)

# Normal response from render_page
resp = self.client.get(page.get_absolute_url('en'))
self.assertEqual(resp.get('X-Frame-Options'), None)

# Response from page cache
resp = self.client.get(page.get_absolute_url('en'))
self.assertEqual(resp.get('X-Frame-Options'), None)
0