diff options
| author | Michael Merickel <michael@merickel.org> | 2019-10-22 22:05:27 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2019-10-22 22:05:27 -0500 |
| commit | 4a46827769bbe181070a74927aa4e988a4cc3112 (patch) | |
| tree | 1b7de5c2b62928aea23372adb2b95b42aa5eab0c /tests/test_config/test_security.py | |
| parent | 2153b4b878d77aa0cb5b79805dd185d133c26451 (diff) | |
| parent | 8b7b7cbf9058312f0bf6b044cfa388f807eff739 (diff) | |
| download | pyramid-4a46827769bbe181070a74927aa4e988a4cc3112.tar.gz pyramid-4a46827769bbe181070a74927aa4e988a4cc3112.tar.bz2 pyramid-4a46827769bbe181070a74927aa4e988a4cc3112.zip | |
Merge pull request #3518 from mmerickel/default-allow-no-origin
add check_origin option and support an origin of null
Diffstat (limited to 'tests/test_config/test_security.py')
| -rw-r--r-- | tests/test_config/test_security.py | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/tests/test_config/test_security.py b/tests/test_config/test_security.py index 0ae199239..9a9ea9f7e 100644 --- a/tests/test_config/test_security.py +++ b/tests/test_config/test_security.py @@ -158,6 +158,7 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase): list(sorted(result.safe_methods)), ['GET', 'HEAD', 'OPTIONS', 'TRACE'], ) + self.assertTrue(result.check_origin) self.assertFalse(result.allow_no_origin) self.assertTrue(result.callback is None) @@ -174,7 +175,8 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase): token='DUMMY', header=None, safe_methods=('PUT',), - allow_no_origin=True, + check_origin=False, + allow_no_origin=False, callback=callback, ) result = config.registry.getUtility(IDefaultCSRFOptions) @@ -182,5 +184,6 @@ class ConfiguratorSecurityMethodsTests(unittest.TestCase): self.assertEqual(result.token, 'DUMMY') self.assertEqual(result.header, None) self.assertEqual(list(sorted(result.safe_methods)), ['PUT']) - self.assertTrue(result.allow_no_origin) + self.assertFalse(result.check_origin) + self.assertFalse(result.allow_no_origin) self.assertTrue(result.callback is callback) |