diff --git a/tests/unit/test_views.py b/tests/unit/test_views.py index de8acdae7311..6197863ce43a 100644 --- a/tests/unit/test_views.py +++ b/tests/unit/test_views.py @@ -25,7 +25,7 @@ from warehouse.views import ( SEARCH_BOOSTS, SEARCH_FIELDS, current_user_indicator, forbidden, health, httpexception_view, index, robotstxt, opensearchxml, search, force_status, - flash_messages + flash_messages, forbidden_include ) from ..common.db.accounts import UserFactory @@ -147,6 +147,19 @@ def test_logged_out_redirects_login(self): "/accounts/login/?next=/foo/bar/%3Fb%3Ds" +class TestForbiddenIncludeView: + + def test_forbidden_include(self): + exc = pretend.stub() + request = pretend.stub() + + resp = forbidden_include(exc, request) + + assert resp.status_code == 200 + assert resp.content_type == 'text/html' + assert resp.content_length == 0 + + def test_robotstxt(pyramid_request): assert robotstxt(pyramid_request) == {} assert pyramid_request.response.content_type == "text/plain" diff --git a/warehouse/views.py b/warehouse/views.py index c157f502b587..f330900e900e 100644 --- a/warehouse/views.py +++ b/warehouse/views.py @@ -125,6 +125,14 @@ def forbidden(exc, request, redirect_to="accounts.login"): return httpexception_view(exc, request) +@forbidden_view_config(path_info=r"^/_includes/") +@exception_view_config(PredicateMismatch, path_info=r"^/_includes/") +def forbidden_include(exc, request): + # If the forbidden error is for a client-side-include, just return an empty + # response instead of redirecting + return Response() + + @view_config( route_name="robots.txt", renderer="robots.txt",