1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
|
# -*- coding: utf-8 -*-
"""
test
~~~~
Flask-CORS is a simple extension to Flask allowing you to support cross
origin resource sharing (CORS) using a simple decorator.
:copyright: (c) 2016 by Cory Dolphin.
:license: MIT, see LICENSE for more details.
"""
from ..base_test import FlaskCorsTestCase
from flask import Flask
from flask_cors import *
from flask_cors.core import *
class MethodsCase(FlaskCorsTestCase):
def setUp(self):
self.app = Flask(__name__)
@self.app.route('/defaults')
@cross_origin()
def defaults():
return 'Should only return headers on pre-flight OPTIONS request'
@self.app.route('/test_methods_defined')
@cross_origin(methods=['POST'])
def test_get():
return 'Only allow POST'
def test_defaults(self):
''' Access-Control-Allow-Methods headers should only be returned
if the client makes an OPTIONS request.
'''
self.assertFalse(ACL_METHODS in self.get('/defaults', origin='www.example.com').headers)
self.assertFalse(ACL_METHODS in self.head('/defaults', origin='www.example.com').headers)
res = self.preflight('/defaults', 'POST', origin='www.example.com')
for method in ALL_METHODS:
self.assertTrue(method in res.headers.get(ACL_METHODS))
def test_methods_defined(self):
''' If the methods parameter is defined, it should override the default
methods defined by the user.
'''
self.assertFalse(ACL_METHODS in self.get('/test_methods_defined').headers)
self.assertFalse(ACL_METHODS in self.head('/test_methods_defined').headers)
res = self.preflight('/test_methods_defined', 'POST', origin='www.example.com')
self.assertTrue('POST' in res.headers.get(ACL_METHODS))
res = self.preflight('/test_methods_defined', 'PUT', origin='www.example.com')
self.assertFalse(ACL_METHODS in res.headers)
res = self.get('/test_methods_defined', origin='www.example.com')
self.assertFalse(ACL_METHODS in res.headers)
if __name__ == "__main__":
unittest.main()
|
