@@ -32,37 +32,37 @@ def test_get_origin_vary_by_default(self):
3232 assert resp ["vary" ] == "origin"
3333
3434 def test_get_invalid_origin (self ):
35- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.com]" )
35+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.com]" )
3636 assert ACCESS_CONTROL_ALLOW_ORIGIN not in resp
3737
38- @override_settings (CORS_ALLOWED_ORIGINS = ["http ://example.com" ])
38+ @override_settings (CORS_ALLOWED_ORIGINS = ["https ://example.com" ])
3939 def test_get_not_in_allowed_origins (self ):
40- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.org" )
40+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.org" )
4141 assert ACCESS_CONTROL_ALLOW_ORIGIN not in resp
4242
43- @override_settings (CORS_ALLOWED_ORIGINS = ["https ://example.org" ])
43+ @override_settings (CORS_ALLOWED_ORIGINS = ["http ://example.org" ])
4444 def test_get_not_in_allowed_origins_due_to_wrong_scheme (self ):
45- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.org" )
45+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.org" )
4646 assert ACCESS_CONTROL_ALLOW_ORIGIN not in resp
4747
4848 @override_settings (
49- CORS_ALLOWED_ORIGINS = ["http ://example.com" , "http ://example.org" ]
49+ CORS_ALLOWED_ORIGINS = ["https ://example.com" , "https ://example.org" ]
5050 )
5151 def test_get_in_allowed_origins (self ):
52- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.org" )
53- assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "http ://example.org"
52+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.org" )
53+ assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "https ://example.org"
5454
55- @override_settings (CORS_ALLOWED_ORIGINS = ["http ://example.org" ])
55+ @override_settings (CORS_ALLOWED_ORIGINS = ["https ://example.org" ])
5656 async def test_async_get_in_allowed_origins (self ):
57- resp = await self .async_client .get ("/async/" , origin = "http ://example.org" )
58- assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "http ://example.org"
57+ resp = await self .async_client .get ("/async/" , origin = "https ://example.org" )
58+ assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "https ://example.org"
5959
60- @override_settings (CORS_ALLOWED_ORIGINS = ["http ://example.com" , "null" ])
60+ @override_settings (CORS_ALLOWED_ORIGINS = ["https ://example.com" , "null" ])
6161 def test_null_in_allowed_origins (self ):
6262 resp = self .client .get ("/" , HTTP_ORIGIN = "null" )
6363 assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "null"
6464
65- @override_settings (CORS_ALLOWED_ORIGINS = ["http ://example.com" , "file://" ])
65+ @override_settings (CORS_ALLOWED_ORIGINS = ["https ://example.com" , "file://" ])
6666 def test_file_in_allowed_origins (self ):
6767 """
6868 'file://' should be allowed as an origin since Chrome on Android
@@ -76,22 +76,22 @@ def test_file_in_allowed_origins(self):
7676 CORS_EXPOSE_HEADERS = ["accept" , "content-type" ],
7777 )
7878 def test_get_expose_headers (self ):
79- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.com" )
79+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.com" )
8080 assert resp [ACCESS_CONTROL_EXPOSE_HEADERS ] == "accept, content-type"
8181
8282 @override_settings (CORS_ALLOW_ALL_ORIGINS = True )
8383 def test_get_dont_expose_headers (self ):
84- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.com" )
84+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.com" )
8585 assert ACCESS_CONTROL_EXPOSE_HEADERS not in resp
8686
8787 @override_settings (CORS_ALLOW_CREDENTIALS = True , CORS_ALLOW_ALL_ORIGINS = True )
8888 def test_get_allow_credentials (self ):
89- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.com" )
89+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.com" )
9090 assert resp [ACCESS_CONTROL_ALLOW_CREDENTIALS ] == "true"
9191
9292 @override_settings (CORS_ALLOW_ALL_ORIGINS = True )
9393 def test_get_dont_allow_credentials (self ):
94- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.com" )
94+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.com" )
9595 assert ACCESS_CONTROL_ALLOW_CREDENTIALS not in resp
9696
9797 @override_settings (
@@ -103,7 +103,7 @@ def test_get_dont_allow_credentials(self):
103103 def test_options_allowed_origin (self ):
104104 resp = self .client .options (
105105 "/" ,
106- HTTP_ORIGIN = "http ://example.com" ,
106+ HTTP_ORIGIN = "https ://example.com" ,
107107 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "GET" ,
108108 )
109109 assert resp .status_code == HTTPStatus .OK
@@ -120,7 +120,7 @@ def test_options_allowed_origin(self):
120120 async def test_async_options_allowed_origin (self ):
121121 resp = await self .async_client .options (
122122 "/async/" ,
123- origin = "http ://example.com" ,
123+ origin = "https ://example.com" ,
124124 access_control_request_method = "GET" ,
125125 )
126126 assert resp .status_code == HTTPStatus .OK
@@ -137,23 +137,23 @@ async def test_async_options_allowed_origin(self):
137137 def test_options_no_max_age (self ):
138138 resp = self .client .options (
139139 "/" ,
140- HTTP_ORIGIN = "http ://example.com" ,
140+ HTTP_ORIGIN = "https ://example.com" ,
141141 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "GET" ,
142142 )
143143 assert resp [ACCESS_CONTROL_ALLOW_HEADERS ] == "content-type"
144144 assert resp [ACCESS_CONTROL_ALLOW_METHODS ] == "GET, OPTIONS"
145145 assert ACCESS_CONTROL_MAX_AGE not in resp
146146
147147 @override_settings (
148- CORS_ALLOWED_ORIGINS = ["http ://localhost:9000" ],
148+ CORS_ALLOWED_ORIGINS = ["https ://localhost:9000" ],
149149 )
150150 def test_options_allowed_origins_with_port (self ):
151151 resp = self .client .options (
152152 "/" ,
153- HTTP_ORIGIN = "http ://localhost:9000" ,
153+ HTTP_ORIGIN = "https ://localhost:9000" ,
154154 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "GET" ,
155155 )
156- assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "http ://localhost:9000"
156+ assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "https ://localhost:9000"
157157
158158 @override_settings (
159159 CORS_ALLOWED_ORIGIN_REGEXES = [r"^https://\w+\.example\.com$" ],
@@ -196,7 +196,7 @@ def test_options_doesnt_add_origin_when_domain_not_found_in_allowed_regexes(
196196 def test_options_empty_request_method (self ):
197197 resp = self .client .options (
198198 "/" ,
199- HTTP_ORIGIN = "http ://example.com" ,
199+ HTTP_ORIGIN = "https ://example.com" ,
200200 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "" ,
201201 )
202202 assert resp .status_code == 200
@@ -209,22 +209,22 @@ def test_options_no_headers(self):
209209 def test_allow_all_origins_get (self ):
210210 resp = self .client .get (
211211 "/" ,
212- HTTP_ORIGIN = "http ://example.com" ,
212+ HTTP_ORIGIN = "https ://example.com" ,
213213 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "GET" ,
214214 )
215215 assert resp .status_code == 200
216- assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "http ://example.com"
216+ assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "https ://example.com"
217217 assert resp ["vary" ] == "origin"
218218
219219 @override_settings (CORS_ALLOW_CREDENTIALS = True , CORS_ALLOW_ALL_ORIGINS = True )
220220 def test_allow_all_origins_options (self ):
221221 resp = self .client .options (
222222 "/" ,
223- HTTP_ORIGIN = "http ://example.com" ,
223+ HTTP_ORIGIN = "https ://example.com" ,
224224 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "GET" ,
225225 )
226226 assert resp .status_code == 200
227- assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "http ://example.com"
227+ assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "https ://example.com"
228228 assert resp ["vary" ] == "origin"
229229
230230 @override_settings (CORS_ALLOW_CREDENTIALS = True , CORS_ALLOW_ALL_ORIGINS = True )
@@ -237,9 +237,9 @@ def test_non_200_headers_still_set(self):
237237 place to preserve this behaviour. See `ExceptionMiddleware` mention here:
238238 https://docs.djangoproject.com/en/3.0/topics/http/middleware/#upgrading-pre-django-1-10-style-middleware # noqa: E501
239239 """
240- resp = self .client .get ("/test-401/" , HTTP_ORIGIN = "http ://example.com" )
240+ resp = self .client .get ("/test-401/" , HTTP_ORIGIN = "https ://example.com" )
241241 assert resp .status_code == 401
242- assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "http ://example.com"
242+ assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "https ://example.com"
243243
244244 @override_settings (CORS_ALLOW_CREDENTIALS = True , CORS_ALLOW_ALL_ORIGINS = True )
245245 def test_auth_view_options (self ):
@@ -249,11 +249,11 @@ def test_auth_view_options(self):
249249 """
250250 resp = self .client .options (
251251 "/test-401/" ,
252- HTTP_ORIGIN = "http ://example.com" ,
252+ HTTP_ORIGIN = "https ://example.com" ,
253253 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "GET" ,
254254 )
255255 assert resp .status_code == 200
256- assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "http ://example.com"
256+ assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "https ://example.com"
257257 assert resp ["Content-Length" ] == "0"
258258
259259 def test_signal_handler_that_returns_false (self ):
@@ -263,7 +263,7 @@ def handler(*args, **kwargs):
263263 with temporary_check_request_hander (handler ):
264264 resp = self .client .options (
265265 "/" ,
266- HTTP_ORIGIN = "http ://example.com" ,
266+ HTTP_ORIGIN = "https ://example.com" ,
267267 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "GET" ,
268268 )
269269
@@ -277,35 +277,35 @@ def handler(*args, **kwargs):
277277 with temporary_check_request_hander (handler ):
278278 resp = self .client .options (
279279 "/" ,
280- HTTP_ORIGIN = "http ://example.com" ,
280+ HTTP_ORIGIN = "https ://example.com" ,
281281 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "GET" ,
282282 )
283283 assert resp .status_code == 200
284- assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "http ://example.com"
284+ assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "https ://example.com"
285285
286- @override_settings (CORS_ALLOWED_ORIGINS = ["http ://example.com" ])
286+ @override_settings (CORS_ALLOWED_ORIGINS = ["https ://example.com" ])
287287 def test_signal_handler_allow_some_urls_to_everyone (self ):
288288 def allow_api_to_all (sender , request , ** kwargs ):
289289 return request .path .startswith ("/api/" )
290290
291291 with temporary_check_request_hander (allow_api_to_all ):
292292 resp = self .client .options (
293293 "/" ,
294- HTTP_ORIGIN = "http ://example.org" ,
294+ HTTP_ORIGIN = "https ://example.org" ,
295295 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "GET" ,
296296 )
297297 assert resp .status_code == 200
298298 assert ACCESS_CONTROL_ALLOW_ORIGIN not in resp
299299
300300 resp = self .client .options (
301301 "/api/something/" ,
302- HTTP_ORIGIN = "http ://example.org" ,
302+ HTTP_ORIGIN = "https ://example.org" ,
303303 HTTP_ACCESS_CONTROL_REQUEST_METHOD = "GET" ,
304304 )
305305 assert resp .status_code == 200
306- assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "http ://example.org"
306+ assert resp [ACCESS_CONTROL_ALLOW_ORIGIN ] == "https ://example.org"
307307
308- @override_settings (CORS_ALLOWED_ORIGINS = ["http ://example.com" ])
308+ @override_settings (CORS_ALLOWED_ORIGINS = ["https ://example.com" ])
309309 def test_signal_called_once_during_normal_flow (self ):
310310 calls = 0
311311
@@ -315,69 +315,69 @@ def allow_all(sender, request, **kwargs):
315315 return True
316316
317317 with temporary_check_request_hander (allow_all ):
318- self .client .get ("/" , HTTP_ORIGIN = "http ://example.org" )
318+ self .client .get ("/" , HTTP_ORIGIN = "https ://example.org" )
319319
320320 assert calls == 1
321321
322- @override_settings (CORS_ALLOWED_ORIGINS = ["http ://example.com" ])
323- @prepend_middleware ("tests.test_middleware .ShortCircuitMiddleware"
322+ @override_settings (CORS_ALLOWED_ORIGINS = ["https ://example.com" ])
323+ @prepend_middleware (f" { __name__ }
324324 def test_get_short_circuit (self ):
325325 """
326326 Test a scenario when a middleware that returns a response is run before
327327 the ``CorsMiddleware``. In this case
328328 ``CorsMiddleware.process_response()`` should ignore the request if
329329 MIDDLEWARE setting is used (new mechanism in Django 1.10+).
330330 """
331- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.com" )
331+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.com" )
332332 assert ACCESS_CONTROL_ALLOW_ORIGIN not in resp
333333
334334 @override_settings (
335- CORS_ALLOWED_ORIGINS = ["http ://example.com" ], CORS_URLS_REGEX = r"^/foo/$"
335+ CORS_ALLOWED_ORIGINS = ["https ://example.com" ], CORS_URLS_REGEX = r"^/foo/$"
336336 )
337- @prepend_middleware (__name__ + " .ShortCircuitMiddleware"
337+ @prepend_middleware (f" { __name__ }
338338 def test_get_short_circuit_should_be_ignored (self ):
339- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.com" )
339+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.com" )
340340 assert ACCESS_CONTROL_ALLOW_ORIGIN not in resp
341341
342342 @override_settings (
343- CORS_ALLOWED_ORIGINS = ["http ://example.com" ], CORS_URLS_REGEX = r"^/foo/$"
343+ CORS_ALLOWED_ORIGINS = ["https ://example.com" ], CORS_URLS_REGEX = r"^/foo/$"
344344 )
345345 def test_get_regex_matches (self ):
346- resp = self .client .get ("/foo/" , HTTP_ORIGIN = "http ://example.com" )
346+ resp = self .client .get ("/foo/" , HTTP_ORIGIN = "https ://example.com" )
347347 assert ACCESS_CONTROL_ALLOW_ORIGIN in resp
348348
349349 @override_settings (
350- CORS_ALLOWED_ORIGINS = ["http ://example.com" ], CORS_URLS_REGEX = r"^/not-foo/$"
350+ CORS_ALLOWED_ORIGINS = ["https ://example.com" ], CORS_URLS_REGEX = r"^/not-foo/$"
351351 )
352352 def test_get_regex_doesnt_match (self ):
353- resp = self .client .get ("/foo/" , HTTP_ORIGIN = "http ://example.com" )
353+ resp = self .client .get ("/foo/" , HTTP_ORIGIN = "https ://example.com" )
354354 assert ACCESS_CONTROL_ALLOW_ORIGIN not in resp
355355
356356 @override_settings (
357- CORS_ALLOWED_ORIGINS = ["http ://example.com" ], CORS_URLS_REGEX = r"^/foo/$"
357+ CORS_ALLOWED_ORIGINS = ["https ://example.com" ], CORS_URLS_REGEX = r"^/foo/$"
358358 )
359359 def test_get_regex_matches_path_info (self ):
360360 resp = self .client .get (
361- "/foo/" , HTTP_ORIGIN = "http ://example.com" , SCRIPT_NAME = "/prefix/"
361+ "/foo/" , HTTP_ORIGIN = "https ://example.com" , SCRIPT_NAME = "/prefix/"
362362 )
363363 assert ACCESS_CONTROL_ALLOW_ORIGIN in resp
364364
365- @override_settings (CORS_ALLOWED_ORIGINS = ["http ://example.com" ])
365+ @override_settings (CORS_ALLOWED_ORIGINS = ["https ://example.com" ])
366366 def test_cors_enabled_is_attached_and_bool (self ):
367367 """
368368 Ensure that request._cors_enabled is available - although a private API
369369 someone might use it for debugging
370370 """
371- resp = self .client .get ("/" , HTTP_ORIGIN = "http ://example.com" )
371+ resp = self .client .get ("/" , HTTP_ORIGIN = "https ://example.com" )
372372 request = resp .wsgi_request
373373 assert isinstance (request ._cors_enabled , bool ) # type: ignore [attr-defined]
374374 assert request ._cors_enabled # type: ignore [attr-defined]
375375
376- @override_settings (CORS_ALLOWED_ORIGINS = ["http ://example.com" ])
376+ @override_settings (CORS_ALLOWED_ORIGINS = ["https ://example.com" ])
377377 def test_works_if_view_deletes_cors_enabled (self ):
378378 """
379379 Just in case something crazy happens in the view or other middleware,
380380 check that get_response doesn't fall over if `_cors_enabled` is removed
381381 """
382- resp = self .client .get ("/delete-is-enabled/" , HTTP_ORIGIN = "http ://example.com" )
382+ resp = self .client .get ("/delete-is-enabled/" , HTTP_ORIGIN = "https ://example.com" )
383383 assert ACCESS_CONTROL_ALLOW_ORIGIN in resp
0 commit comments