Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(688)

Unified Diff: server/guiserver/tests/test_handlers.py

Issue 88090048: Avoid clickjacking.
Patch Set: Avoid clickjacking. Created 9 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « server/guiserver/handlers.py ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: server/guiserver/tests/test_handlers.py
=== modified file 'server/guiserver/tests/test_handlers.py'
--- server/guiserver/tests/test_handlers.py 2014-04-09 13:26:40 +0000
+++ server/guiserver/tests/test_handlers.py 2014-04-17 09:08:26 +0000
@@ -501,6 +501,21 @@
# Requests including flags and queries are served by the index file.
self.ensure_index('/:flag:/activated/?my=query')
+ def test_headers(self):
+ # The expected Content-Type, ETag and clickjacking protection headers
+ # are correctly sent by the server.
+ response = self.fetch('/')
+ headers = response.headers
+ # Check response content type.
+ self.assertIn('Content-Type', headers)
+ self.assertEqual('text/html', headers['Content-Type'])
+ # Check cache headers.
+ self.assertIn('ETag', headers)
+ self.assertIn('Last-Modified', headers)
+ # Check X-Frame headers.
+ self.assertIn('X-Frame-Options', headers)
+ self.assertEqual('SAMEORIGIN', headers['X-Frame-Options'])
+
class TestProxyHandler(LogTrapTestCase, AsyncHTTPTestCase):
« no previous file with comments | « server/guiserver/handlers.py ('k') | no next file » | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b