Opened 9 years ago

Closed 8 years ago

#25328 closed New feature (wontfix)

Add LiveServerTestCase that runs an HTTPS server

Reported by: jgoclawski Owned by: nobody
Component: Testing framework Version: dev
Severity: Normal Keywords:
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: yes
Easy pickings: no UI/UX: no

Description (last modified by Markus Holtermann)

Enabling HTTPS for the whole site is becoming more and more common. Especially considering that Django uses CSRF and session cookies that may be set as "secure". Moreover, soon Let's Encrypt will enable developers to run HTTPS really easily. Let's hope that enabling HTTPS will become a standard behaviour in the near future.

But with current shape of LiveServerTestCase, testing an HTTPS enabled website is impossible. It's not even easy to extend the base class as nearly all server-creation logic is tightly coupled in one function.
If you just wanted to test POST-ing a form, you would need to override CSRF_COOKIE_SECURE just for the test. And each override/mock is weakining the browser test as it modifies the original environment. Not to mention if you had your custom secure cookies. You would need to introduce a new global settings variable, just so you can flip it in your Selenium test and set the cookie without the "secure" flag, just for the test.

My idea is to do two things:

  1. Refactor the base class, so that it can be easily extended.
  2. Add LiveHTTPSServerTestCase, which runs a server thread with HTTPS enabled.

The class can be supplied with custom certificate or can generate a temporary one on the fly.

The question is whether we want such test case (2.) to be a part of Django. Personally, I think that it will encourage using HTTPS and encourage writing at least a basic Selenium test. But I can as well release it as an app, granted the refactor (1.) will be accepted.

Change History (6)

comment:1 by jgoclawski, 9 years ago

Description: modified (diff)

comment:2 by jgoclawski, 9 years ago

  1. S.

I'm not sure of other possible use cases. Perhaps for mixed HTTPS and HTTP configuration, we should run both HTTPS and HTTP servers. Let me know, what you think. The base class for live server test could undergo further refactoring to decouple server thread creation and enable even greater customization.

comment:3 by Markus Holtermann, 9 years ago

Description: modified (diff)
Patch needs improvement: set
Triage Stage: UnreviewedAccepted
Version: 1.8master

The refactor sounds like a good thing / cleanup to me and looks straight forward. Accepting on these grounds.

I'm not sure about the LiveServerTestCase. Feel free to raise that on the developer mailing list or IRC and get other opinions on that. I tend to put that in an external package and maybe integrate into Django if the acceptance is there.

Version 0, edited 9 years ago by Markus Holtermann (next)

comment:4 by Tim Graham, 9 years ago

django-developers thread about HTTPS support for LiveServerTestCase.

comment:5 by Tim Graham <timograham@…>, 9 years ago

In a7901c2e:

Refs #25328 -- Refactored LiveServerTestCase to make it extensible.

comment:6 by Tim Graham, 8 years ago

Resolution: wontfix
Status: newclosed

Closing as there doesn't seem to be interest in this at this time. We can reopen if your third-party package sees widespread adoption. Thanks!

Note: See TracTickets for help on using tickets.
Back to Top