@@ -55,6 +55,7 @@ def test_default_src() -> None:
5555 policy = build_policy ()
5656 policy_eq ("default-src example.com example2.com" , policy )
5757
58+
5859@override_settings (CONTENT_SECURITY_POLICY = {"DIRECTIVES" : {"default-src" : {"example.com" , "example2.com" }}})
5960def test_default_src_is_set () -> None :
6061 policy = build_policy ()
@@ -337,6 +338,35 @@ def test_only_nonce_in_value() -> None:
337338 policy_eq ("default-src 'nonce-abc123'" , policy )
338339
339340
341+ @override_settings (CONTENT_SECURITY_POLICY = {"DIRECTIVES" : {"img-src" : ["example.com" , "example.com" ]}})
342+ def test_deduplicate_values () -> None :
343+ """
344+ GitHub issue #40 - given project settings as a tuple, and
345+ an update/replace with a string, concatenate correctly.
346+ """
347+ policy = build_policy ()
348+ policy_eq ("default-src 'self'; img-src example.com" , policy )
349+
350+
351+ @override_settings (CONTENT_SECURITY_POLICY = {"DIRECTIVES" : {"img-src" : ["example.com" , "example.com" ]}})
352+ def test_deduplicate_values_update () -> None :
353+ """
354+ GitHub issue #40 - given project settings as a tuple, and
355+ an update/replace with a string, concatenate correctly.
356+ """
357+ policy = build_policy (update = {"img-src" : "example.com" })
358+ policy_eq ("default-src 'self'; img-src example.com" , policy )
359+
360+
361+ @override_settings (CONTENT_SECURITY_POLICY = {"DIRECTIVES" : {"img-src" : ("example.com" ,)}})
362+ def test_deduplicate_values_replace () -> None :
363+ """
364+ Demonstrate that GitHub issue #40 doesn't affect replacements
365+ """
366+ policy = build_policy (replace = {"img-src" : ["example2.com" , "example2.com" ]})
367+ policy_eq ("default-src 'self'; img-src example2.com" , policy )
368+
369+
340370def test_boolean_directives () -> None :
341371 for directive in ["upgrade-insecure-requests" , "block-all-mixed-content" ]:
342372 with override_settings (CONTENT_SECURITY_POLICY = {"DIRECTIVES" : {directive : True }}):
0 commit comments