TESTS

mozilla · May 24, 2022 · d2dd73c · d2dd73c
1 parent 27b0fd2
commit d2dd73c
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 11 deletions.
diff --git a/csp/tests/test_middleware.py b/csp/tests/test_middleware.py
@@ -18,6 +18,11 @@
 rf = RequestFactory()
 
 
+def get_headers(response):
+    # TODO: use response.headers for Django 3.2+
+    return set(header for header, _ in response.items())
+
+
 def test_add_header():
     request = rf.get('/')
     response = HttpResponse()
@@ -30,18 +35,19 @@ def test_exempt():
     response = HttpResponse()
     response._csp_exempt = True
     mw.process_response(request, response)
-    assert not HEADER_SET.intersection(response)
+    assert not HEADER_SET.intersection(get_headers(response))
 
 
 @override_settings(
     CSP_POLICIES=('default', 'report'),
-    CSP_EXCLUDE_URL_PREFIXES=('/inlines-r-us'),
+    CSP_EXCLUDE_URL_PREFIXES=('/inlines-r-us',),
 )
 def test_exclude():
     request = rf.get('/inlines-r-us/foo')
     response = HttpResponse()
     mw.process_response(request, response)
-    assert not HEADER_SET.intersection(response)
+    assert HEADER not in response
+    assert response[REPORT_ONLY_HEADER] == "default-src 'self'"
 
 
 @override_settings(CSP_REPORT_ONLY=True)
@@ -192,7 +198,7 @@ def test_debug_errors_exempt():
     request = rf.get('/')
     response = HttpResponseServerError()
     mw.process_response(request, response)
-    assert not HEADER_SET.intersection(response)
+    assert not HEADER_SET.intersection(get_headers(response))
 
 
 @override_settings(
@@ -203,7 +209,7 @@ def test_debug_notfound_exempt():
     request = rf.get('/')
     response = HttpResponseNotFound()
     mw.process_response(request, response)
-    assert not HEADER_SET.intersection(response)
+    assert not HEADER_SET.intersection(get_headers(response))
 
 
 @override_settings(

diff --git a/csp/tests/test_utils.py b/csp/tests/test_utils.py
@@ -12,22 +12,25 @@
 )
 
 
-def policy_eq(a, b, msg='%r != %r', report_only=False):
+def policy_eq(
+    a, b, msg='%r != %r', report_only=False, exclude_url_prefixes=(),
+):
     if not isinstance(a, list):
-        a = [(a, report_only)]
+        a = [(a, report_only, exclude_url_prefixes)]
     if not isinstance(a, list):
-        b = [(b, report_only)]
+        b = [(b, report_only, exclude_url_prefixes)]
 
     for csp_a, csp_b in zip(a, b):
+        assert csp_a[1] == csp_b[1]
+        assert sorted(csp_a[2]) == sorted(csp_b[2])
         parts_a = sorted(csp_a[0].split('; '))
         parts_b = sorted(csp_b[0].split('; '))
-        assert csp_a[1] == csp_b[1]
         assert parts_a == parts_b, msg % (a, b)
 
 
 def test_empty_policy():
     policy = build_policy()
-    assert [("default-src 'self'", False)] == policy
+    policy_eq("default-src 'self'", policy)
 
 
 def literal(s):
@@ -40,7 +43,7 @@ def literal(s):
 @override_settings(CSP_DEFAULT_SRC=['example.com', 'example2.com'])
 def test_default_src():
     policy = build_policy()
-    assert [('default-src example.com example2.com', False)] == policy
+    policy_eq('default-src example.com example2.com', policy)
 
 
 @override_settings(CSP_SCRIPT_SRC=['example.com'])