diff --git a/kitsune/notifications/tests/test_api.py b/kitsune/notifications/tests/test_api.py
index 85509408307..13bbe3b6a2a 100644
--- a/kitsune/notifications/tests/test_api.py
+++ b/kitsune/notifications/tests/test_api.py
@@ -167,3 +167,16 @@ def test_updates_subview(self, requests):
 eq_(act['actor']['username'], a.creator.username)
 eq_(act['target']['content'], q.content_parsed)
 eq_(act['action_object']['content'], a.content_parsed)
+
+ def test_is_cors(self, requests):
+ u = profile().user
+ q = question(save=True)
+ self.client.force_authenticate(user=u)
+ url = reverse('realtimeregistration-list')
+ data = {
+ 'content_type': 'question',
+ 'object_id': q.id,
+ 'endpoint': 'http://example.com',
+ }
+ res = self.client.post(url, data, HTTP_ORIGIN='http://example.com')
+ eq_(res['Access-Control-Allow-Origin'], '*')
diff --git a/kitsune/settings.py b/kitsune/settings.py
index 328a99122dd..18a6a99d7ea 100644
--- a/kitsune/settings.py
+++ b/kitsune/settings.py
@@ -917,6 +917,7 @@ def read_only_mode(env):
 r'^/api/2/pushnotification/.*$',
 r'^/api/2/notification/.*$',
 r'^/api/2/question/.*$',
+ r'^/api/2/realtime/.*$',
 r'^/api/2/search/.*$',
 r'^/api/2/user/.*$',
 ]
diff --git a/kitsune/wiki/tests/test_views.py b/kitsune/wiki/tests/test_views.py
index 98d2fa08a42..bf6669720e4 100644
--- a/kitsune/wiki/tests/test_views.py
+++ b/kitsune/wiki/tests/test_views.py
@@ -652,9 +652,9 @@ def test_xframe_options(self):
 url += '?minimal=1&mobile=1'
 res = self.client.get(url)
 # If it is not set to "DENY", then it is allowed.
- assert 'x-frame-options' not in res._headers
+ assert 'X-Frame-Options' not in res
 
 def test_xframe_options_deny_not_minimal(self):
 url = reverse('wiki.document', args=[self.doc.slug], locale='en-US')
 res = self.client.get(url)
- eq_(res._headers['x-frame-options'][1], 'DENY')
+ eq_(res['X-Frame-Options'], 'DENY')
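Review bot: `test_is_cors` in kitsune/notifications/tests/test_api.py pins `Access-Control-Allow-Origin` to `*` on an authenticated POST, but it never checks that the request succeeded or that credentialed cross-origin use stays disabled. Since `force_authenticate` bypasses the real authentication path, the test says nothing about how a cross-origin caller would authenticate. I would add `assert 'Access-Control-Allow-Credentials' not in res`, so that a later settings change pairing the wildcard origin with credentials fails here. An assertion on `res.status_code` would also show that the header is being checked on a successful create rather than on an error response.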
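Review bot: The added `r'^/api/2/realtime/.*$'` entry in kitsune/settings.py covers every current and future route under `/api/2/realtime/`, not only the registration endpoint that the new test posts to. The name of the list and the setting that consumes it are outside the hunk, so reading it as the CORS path allowlist is inferred from the neighbouring `/api/2/...` patterns and the `*` origin the test expects. If only registration needs cross-origin access, a narrower pattern would keep later additions under that prefix from being exposed by default. Otherwise a comment above the entry such as `# realtime API is intentionally cross-origin; keep credentialed CORS off for these paths` would record the constraint for whoever extends the prefix.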