]jCBddlmZmZmZddlmZddlmZddlm Z dZ e Z eZ dZ dZed d Zed d ZdZdZdZedgdZed dZed dZdZdZdZegdZy)) HttpResponseHttpResponseServerErrorHttpResponseNotFound)RequestFactory)override_settings) CSPMiddlewarezContent-Security-Policyctjd}t}tj ||t |vsJyN/rfgetrmwprocess_responseHEADERrequestresponses C/root/env/lib/python3.12/site-packages/csp/tests/test_middleware.pytest_add_headerrs4ffSkG~H* X  ctjd}t}d|_tj ||t |vsJy)Nr T)r rr _csp_exemptrrrrs r test_exemptrs<ffSkG~HH*  !! !rz /inlines-r-us)CSP_EXCLUDE_URL_PREFIXESctjd}t}tj ||t |vsJy)Nz/inlines-r-us/foor rs r text_excluder s6ff()G~H*  !! !rT)CSP_REPORT_ONLYctjd}t}tj ||t |vsJt dz|vsJy)Nr z -Report-Onlyr rs rtest_report_onlyr (sGffSkG~H*  !! ! N "h .. .rctjd}t}d|t<tj |||tdk(sJy)Nr default-src example.com)r rrrrrrs rtest_dont_replacer#1sDffSkG~H0HV* F 8 88 8rctjd}t}ddgi|_tj |||t dk(sJy)Nr default-src example.comr")r rr _csp_configrrrrs rtest_use_configr(9sIffSkG~H)M?;H* F 8 88 8rctjd}t}ddgi|_tj |||t dk(sJy)Nr r%r&zdefault-src 'self' example.com)r rr _csp_updaterrrrs rtest_use_updater+AsIffSkG~H)M?;H* F ? ?? ?rzfoo.com) CSP_IMG_SRCctjd}t}ddgi|_tj ||t |tjd}|ddgk(sJy)Nr zimg-srczbar.comz; zdefault-src 'self'zimg-src bar.com) r rr _csp_replacerrsortedrsplit)rr policy_lists rtest_use_replacer2IsdffSkG~H& 4H*&)//56K /1BC CC Cr)DEBUGctjd}t}tj ||t |vsJyr )r rrrrrrs rtest_debug_errors_exemptr5Ss5ffSkG&(H*  !! !rctjd}t}tj ||t |vsJyr )r rrrrrrs rtest_debug_notfound_exemptr7[s5ffSkG#%H*  !! !rctjd}tj|t |j }t }tj||||tvsJyr r rrprocess_requeststr csp_noncerrrrnoncers r test_nonce_created_when_accessedr?csWffSkGw !! "E~H* HV$ $$ $rctjd}tj|t }tj ||d|t vsJy)Nr znonce-)r rrr:rrrrs rtest_no_nonce_when_not_accessedrAlsGffSkGw~H* 8F+ ++ +rctjd}tjd}tj|tj|t |j }t |j }|j |j k7sJt }t }tj||tj||||tvsJ||tvsJyr r9)request1request2nonce1nonce2 response1 response2s r%test_nonce_regenerated_on_new_requestrItsvvc{Hvvc{Hx x ## $F ## $F   !3!3 33 3II),), 6* ** * 6* ** *r)CSP_INCLUDE_NONCE_INctjd}tj|t |j }t }tj||||tvsJyr r9r=s r'test_no_nonce_when_disabled_by_settingsrLsWffSkGw !! "E~H* ( (( (rN) django.httprrr django.testrdjango.test.utilsrcsp.middlewarerrrr rrrr r#r(r+r2r5r7r?rArIrLrrrRs '/( #_"_>"?"4(/)/99@ {+D,D""""%,+"+),)r