Merge lp:~julian-edwards/maas/clickjacking-bug-1298784 into lp:~maas-committers/maas/trunk
Proposed by
Julian Edwards
| Status: | Merged |
|---|---|
| Approved by: | Julian Edwards |
| Approved revision: | no longer in the source branch. |
| Merged at revision: | 2299 |
| Proposed branch: | lp:~julian-edwards/maas/clickjacking-bug-1298784 |
| Merge into: | lp:~maas-committers/maas/trunk |
| Diff against target: |
11 lines (+1/-0) 1 file modified
src/maas/settings.py (+1/-0) |
| To merge this branch: | bzr merge lp:~julian-edwards/maas/clickjacking-bug-1298784 |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| Jeroen T. Vermeulen (community) | Approve | ||
|
Review via email:
|
|||
Commit message
Enable Django's clickjacking middleware.
Description of the change
Not sure if it warrants a unit test but I verified that the header is present after enabling this.
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
Testing is a grey area with these things, but I think you're OK. My feeling is that code which merely states configuration only needs to be tested for:
1. Running at all. I'm sure that's covered already.
2. Stating things correctly, if stating them incorrectly is plausible. Not here though.
3. Producing the right interaction within the scope of the product.
For #3 I would say the interaction is completely between Django and the browser. The only thing you do here is tell Django that it should happen.