From 2314a9f2f63d4f0d7338144f033cd94064e84546 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Fri, 25 Sep 2020 11:06:54 -0400 Subject: [PATCH 1/2] add a test for referrer-policy --- newsfragments/3443.minor | 0 src/allmydata/test/web/test_web.py | 27 +++++++++++++++++++++++---- 2 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 newsfragments/3443.minor diff --git a/newsfragments/3443.minor b/newsfragments/3443.minor new file mode 100644 index 000000000..e69de29bb diff --git a/src/allmydata/test/web/test_web.py b/src/allmydata/test/web/test_web.py index b032f29a1..62a38e60b 100644 --- a/src/allmydata/test/web/test_web.py +++ b/src/allmydata/test/web/test_web.py @@ -749,20 +749,39 @@ class Web(WebMixin, WebErrorMixin, testutil.StallMixin, testutil.ReallyEqualMixi def test_create(self): pass - def test_frame_options(self): + def _assertResponseHeaders(self, name, values): """ - All pages deny the ability to be loaded in frames. + Assert that the resource at **/** is served with a response header named + ``name`` and values ``values``. + + :param bytes name: The name of the header item to check. + :param [bytes] values: The expected values. + + :return Deferred: A Deferred that fires successfully if the expected + header item is found and which fails otherwise. """ d = self.GET("/", return_response=True) def responded(result): _, _, headers = result self.assertEqual( - [b"DENY"], - headers.getRawHeaders(b"X-Frame-Options"), + values, + headers.getRawHeaders(name), ) d.addCallback(responded) return d + def test_frame_options(self): + """ + All pages deny the ability to be loaded in frames. + """ + return self._assertResponseHeaders(b"X-Frame-Options", [b"DENY"]) + + def test_referrer_policy(self): + """ + All pages set a **no-referrer** policy. + """ + return self._assertResponseHeaders(b"Referrer-Policy", [b"no-referrer"]) + def test_welcome_json(self): """ There is a JSON version of the welcome page which can be selected with the From a5686de460cbb5d77370af6c3bf6396cd8e29337 Mon Sep 17 00:00:00 2001 From: Jean-Paul Calderone Date: Mon, 28 Sep 2020 10:26:00 -0400 Subject: [PATCH 2/2] Don't claim behavior about *all* pages --- src/allmydata/test/web/test_web.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/allmydata/test/web/test_web.py b/src/allmydata/test/web/test_web.py index 62a38e60b..0aba75be4 100644 --- a/src/allmydata/test/web/test_web.py +++ b/src/allmydata/test/web/test_web.py @@ -772,14 +772,16 @@ class Web(WebMixin, WebErrorMixin, testutil.StallMixin, testutil.ReallyEqualMixi def test_frame_options(self): """ - All pages deny the ability to be loaded in frames. + Pages deny the ability to be loaded in frames. """ + # It should be all pages but we only demonstrate it for / with this test. return self._assertResponseHeaders(b"X-Frame-Options", [b"DENY"]) def test_referrer_policy(self): """ - All pages set a **no-referrer** policy. + Pages set a **no-referrer** policy. """ + # It should be all pages but we only demonstrate it for / with this test. return self._assertResponseHeaders(b"Referrer-Policy", [b"no-referrer"]) def test_welcome_json(self):