Increase converage to 100%.

2025-04-24 11:22:00 -04:00 · 2017-07-15 02:36:31 -04:00 · 2017-07-15 02:36:31 -04:00 · 854af23268
parent 0381865bd1
commit 854af23268
2 changed files with 26 additions and 10 deletions
--- a/csp_advanced/tests.py
+++ b/csp_advanced/tests.py
@ -168,6 +168,19 @@ class TestMiddleware(SimpleTestCase):
    def test_setting_csp(self):
        self.assertEqual(self.make_ok_view()(self.get_request())['Content-Security-Policy'], "script-src 'self'")

+    @override_settings(ADVANCED_CSP='verbatim bad csp')
+    def test_setting_str(self):
+        self.assertEqual(self.make_ok_view()(self.get_request())['Content-Security-Policy'], 'verbatim bad csp')
+
+    @override_settings(ADVANCED_CSP={'script-src': ['self']})
+    def test_csp_exists(self):
+        @self.decorator_factory()
+        def view(request):
+            response = HttpResponse()
+            response['Content-Security-Policy'] = 'verbatim bad csp'
+            return response
+        self.assertEqual(view(self.get_request())['Content-Security-Policy'], 'verbatim bad csp')
+
    @override_settings(ADVANCED_CSP={'bad': ['self']})
    def test_invalid_csp(self):
        self.assertFalse('Content-Security-Policy' in self.make_ok_view()(self.get_request()))
@ -212,6 +225,15 @@ class TestMiddleware(SimpleTestCase):
            return response
        self.assertEqual(view(self.get_request())['Content-Security-Policy'], "style-src 'none'")

+    @override_settings(ADVANCED_CSP={'script-src': ['self']})
+    def test_remove_csp(self):
+        @self.decorator_factory()
+        def view(request):
+            response = HttpResponse()
+            response.csp = {'override': True}
+            return response
+        self.assertFalse('Content-Security-Policy' in view(self.get_request()))
+
    @override_settings(ADVANCED_CSP_REPORT_ONLY={'script-src': ['self']})
    def test_override_csp_to_report_explicit(self):
        @self.decorator_factory()
@ -232,7 +254,7 @@ class TestMiddleware(SimpleTestCase):

        response = view(self.get_request())
        self.assertEqual(response['Content-Security-Policy-Report-Only'], "script-src 'none'")
-        self.assertTrue('Content-Security-Policy' not in response)
+        self.assertFalse('Content-Security-Policy' in response)

    @override_settings(ADVANCED_CSP_REPORT_ONLY={'script-src': ['self']})
    def test_override_csp_report_only_explicit(self):
@ -244,4 +266,4 @@ class TestMiddleware(SimpleTestCase):

        response = view(self.get_request())
        self.assertEqual(response['Content-Security-Policy-Report-Only'], "script-src 'none'")
-        self.assertTrue('Content-Security-Policy' not in response)
+        self.assertFalse('Content-Security-Policy' in response)
--- a/csp_advanced/utils.py
+++ b/csp_advanced/utils.py
@ -27,15 +27,9 @@ def merge_csp_dict(template, override):
            continue
        orig = result[key]
        if isinstance(orig, list):
-            if orig == template[key]:
-                result[key] = orig + list(value)
-            else:
-                orig += value
+            result[key] = orig + list(value)
        elif isinstance(orig, set):
-            if orig == template[key]:
-                result[key] = orig.union(value)
-            else:
-                orig.update(value)
+            result[key] = orig.union(value)
        elif isinstance(orig, tuple):
            result[key] = orig + tuple(value)
        else: