hybridgroup.gobot/api/cors_test.go

85 lines
2.8 KiB
Go
Raw Normal View History

//nolint:usestdlibvars,noctx // ok here
2014-09-18 07:20:18 +08:00
package api
import (
2014-09-26 09:28:28 +08:00
"net/http"
"net/http/httptest"
2014-09-18 07:20:18 +08:00
"testing"
"github.com/stretchr/testify/assert"
2014-09-18 07:20:18 +08:00
)
func TestCORSIsOriginAllowed(t *testing.T) {
2014-09-26 09:28:28 +08:00
cors := &CORS{AllowOrigins: []string{"*"}}
cors.generatePatterns()
2014-09-18 07:20:18 +08:00
// When all the origins are accepted
assert.True(t, cors.isOriginAllowed("http://localhost:8000"))
assert.True(t, cors.isOriginAllowed("http://localhost:3001"))
assert.True(t, cors.isOriginAllowed("http://server.com"))
2014-09-18 07:20:18 +08:00
// When one origin is accepted
2014-09-26 09:28:28 +08:00
cors = &CORS{AllowOrigins: []string{"http://localhost:8000"}}
cors.generatePatterns()
2014-09-18 07:20:18 +08:00
assert.True(t, cors.isOriginAllowed("http://localhost:8000"))
assert.False(t, cors.isOriginAllowed("http://localhost:3001"))
assert.False(t, cors.isOriginAllowed("http://server.com"))
2014-09-18 07:20:18 +08:00
// When several origins are accepted
2014-09-26 09:28:28 +08:00
cors = &CORS{AllowOrigins: []string{"http://localhost:*", "http://server.com"}}
cors.generatePatterns()
2014-09-18 07:20:18 +08:00
assert.True(t, cors.isOriginAllowed("http://localhost:8000"))
assert.True(t, cors.isOriginAllowed("http://localhost:3001"))
assert.True(t, cors.isOriginAllowed("http://server.com"))
// When several origins are accepted within the same domain
2014-09-26 09:28:28 +08:00
cors = &CORS{AllowOrigins: []string{"http://*.server.com"}}
cors.generatePatterns()
assert.False(t, cors.isOriginAllowed("http://localhost:8000"))
assert.False(t, cors.isOriginAllowed("http://localhost:3001"))
assert.True(t, cors.isOriginAllowed("http://foo.server.com"))
assert.True(t, cors.isOriginAllowed("http://api.server.com"))
}
func TestCORSAllowedHeaders(t *testing.T) {
2014-09-26 09:28:28 +08:00
cors := &CORS{AllowOrigins: []string{"*"}, AllowHeaders: []string{"Header1", "Header2"}}
assert.Equal(t, "Header1,Header2", cors.AllowedHeaders())
}
func TestCORSAllowedMethods(t *testing.T) {
2014-09-26 09:28:28 +08:00
cors := &CORS{AllowOrigins: []string{"*"}, AllowMethods: []string{"GET", "POST"}}
assert.Equal(t, "GET,POST", cors.AllowedMethods())
cors.AllowMethods = []string{"GET", "POST", "PUT"}
assert.Equal(t, "GET,POST,PUT", cors.AllowedMethods())
2014-09-18 07:20:18 +08:00
}
2014-09-26 09:28:28 +08:00
func TestCORS(t *testing.T) {
api := initTestAPI()
// Accepted origin
allowedOrigin := []string{"http://server.com"}
api.AddHandler(AllowRequestsFrom(allowedOrigin[0]))
request, _ := http.NewRequest("GET", "/api/", nil)
request.Header.Set("Origin", allowedOrigin[0])
response := httptest.NewRecorder()
api.ServeHTTP(response, request)
assert.Equal(t, allowedOrigin, response.Header()["Access-Control-Allow-Origin"])
2014-09-26 09:28:28 +08:00
// Not accepted Origin
disallowedOrigin := []string{"http://disallowed.com"}
request, _ = http.NewRequest("GET", "/api/", nil)
request.Header.Set("Origin", disallowedOrigin[0])
response = httptest.NewRecorder()
api.ServeHTTP(response, request)
assert.NotEqual(t, disallowedOrigin, response.Header()["Access-Control-Allow-Origin"])
assert.NotEqual(t, allowedOrigin, response.Header()["Access-Control-Allow-Origin"])
2014-09-26 09:28:28 +08:00
}