Changes between Version 1 and Version 3 of Ticket #25328


Ignore:
Timestamp:
08/31/2015 05:13:46 AM (4 years ago)
Author:
Markus Holtermann
Comment:

The refactor sounds like a good thing / cleanup to me and looks straight forward. Accepting on these grounds.

I'm not sure about the LiveHTTPSServerTestCase. Feel free to raise that on the developer mailing list or IRC and get other opinions on that. I tend to put that in an external package and maybe integrate into Django if the acceptance is there.

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #25328

    • Property Patch needs improvement set
    • Property Version changed from 1.8 to master
    • Property Triage Stage changed from Unreviewed to Accepted
  • Ticket #25328 – Description

    v1 v3  
    11Enabling HTTPS for the whole site is becoming more and more common. Especially considering that Django uses CSRF and session cookies that may be set as "secure". Moreover, soon Let's Encrypt will enable developers to run HTTPS really easily. Let's hope that enabling HTTPS will become a standard behaviour in the near future.
    22
    3 But with current shape of LiveServerTestCase, testing an HTTPS enabled website is impossible. It's not even easy to extend the base class as nearly all server-creation logic is tightly coupled in one function.
    4 If you just wanted to test POST-ing a form, you would need to override @CSRF_COOKIE_SECURE@ just for the test. And each override/mock is weakining the browser test as it modifies the original environment. Not to mention if you had your custom secure cookies. You would need to introduce a new global settings variable, just so you can flip it in your Selenium test and set the cookie without the "secure" flag, just for the test.
     3But with current shape of `LiveServerTestCase`, testing an HTTPS enabled website is impossible. It's not even easy to extend the base class as nearly all server-creation logic is tightly coupled in one function.
     4If you just wanted to test POST-ing a form, you would need to override `CSRF_COOKIE_SECURE` just for the test. And each override/mock is weakining the browser test as it modifies the original environment. Not to mention if you had your custom secure cookies. You would need to introduce a new global settings variable, just so you can flip it in your Selenium test and set the cookie without the "secure" flag, just for the test.
    55
    66My idea is to do two things:
    771. Refactor the base class, so that it can be easily extended.
    8 2. Add LiveHTTPSServerTestCase, which runs a server thread with HTTPS enabled.
     82. Add `LiveHTTPSServerTestCase`, which runs a server thread with HTTPS enabled.
    99
    1010The class can be supplied with custom certificate or can generate a temporary one on the fly.
Back to Top