Test for X-Frame-Options header

mozilla · Aug 24, 2010 · 8e261ec · 8e261ec
1 parent f2364b5
commit 8e261ec
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/apps/sso/tests.py b/apps/sso/tests.py
@@ -24,3 +24,9 @@ def test_httponly(self):
         for name in r.cookies:
             if name not in settings.JAVASCRIPT_READABLE_COOKIES:
                 eq_(bool(r.cookies[name].get('httponly')), True)
+
+    def test_x_frame_options(self):
+        """Ensure our pages must not be iframed."""
+        r = self.client.get(reverse('cas_login'))
+        eq_(r.status_code, 200)
+        eq_(r['x-frame-options'], 'DENY')