1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117
|
// Copyright 2015 Google Inc. All rights reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cors
import (
"net/http"
"net/http/httptest"
"testing"
)
func TestServeHTTPSameOrigin(t *testing.T) {
var handlerRun bool
h := NewHandler(http.HandlerFunc(
func(rw http.ResponseWriter, req *http.Request) {
handlerRun = true
}))
req, err := http.NewRequest("GET", "http://example.com", nil)
if err != nil {
t.Fatalf("http.NewRequest(): got %v, want no error", err)
}
rw := httptest.NewRecorder()
h.ServeHTTP(rw, req)
if !handlerRun {
t.Error("handlerRun: got false, want true")
}
}
func TestServeHTTPPreflight(t *testing.T) {
var handlerRun bool
h := NewHandler(http.HandlerFunc(
func(rw http.ResponseWriter, req *http.Request) {
handlerRun = true
}))
h.AllowCredentials(true)
req, err := http.NewRequest("OPTIONS", "http://example.com", nil)
if err != nil {
t.Fatalf("http.NewRequest(): got %v, want no error", err)
}
req.Header.Set("Origin", "http://google.com")
req.Header.Set("Access-Control-Request-Method", "PUT")
req.Header.Set("Access-Control-Request-Headers", "Cors-Test")
rw := httptest.NewRecorder()
h.ServeHTTP(rw, req)
if got, want := rw.Header().Get("Access-Control-Allow-Origin"), "*"; got != want {
t.Errorf("rw.Header().Get(%q): got %q, want %q", "Access-Control-Allow-Origin", got, want)
}
if got, want := rw.Header().Get("Access-Control-Allow-Methods"), "PUT"; got != want {
t.Errorf("rw.Header().Get(%q): got %q, want %q", "Access-Control-Allow-Methods", got, want)
}
if got, want := rw.Header().Get("Access-Control-Allow-Headers"), "Cors-Test"; got != want {
t.Errorf("rw.Header().Get(%q): got %q, want %q", "Access-Control-Allow-Headers", got, want)
}
if got, want := rw.Header().Get("Access-Control-Allow-Credentials"), "true"; got != want {
t.Errorf("rw.Header().Get(%q): got %q, want %q", "Access-Control-Allow-Credentials", got, want)
}
if handlerRun {
t.Error("handlerRun: got true, want false")
}
}
func TestServeHTTPSimple(t *testing.T) {
var handlerRun bool
h := NewHandler(http.HandlerFunc(
func(rw http.ResponseWriter, req *http.Request) {
handlerRun = true
}))
h.SetOrigin("http://martian.local")
req, err := http.NewRequest("GET", "http://example.com", nil)
if err != nil {
t.Fatalf("http.NewRequest(): got %v, want no error", err)
}
req.Header.Set("Origin", "http://google.com")
req.Header.Set("Access-Control-Request-Method", "GET")
req.Header.Set("Access-Control-Request-Headers", "Cors-Test")
rw := httptest.NewRecorder()
h.ServeHTTP(rw, req)
if got, want := rw.Header().Get("Access-Control-Allow-Origin"), "http://martian.local"; got != want {
t.Errorf("rw.Header().Get(%q): got %q, want %q", "Access-Control-Allow-Origin", got, want)
}
if got, want := rw.Header().Get("Access-Control-Allow-Methods"), "GET"; got != want {
t.Errorf("rw.Header().Get(%q): got %q, want %q", "Access-Control-Allow-Methods", got, want)
}
if got, want := rw.Header().Get("Access-Control-Allow-Headers"), "Cors-Test"; got != want {
t.Errorf("rw.Header().Get(%q): got %q, want %q", "Access-Control-Allow-Headers", got, want)
}
if !handlerRun {
t.Error("handlerRun: got false, want true")
}
}
|