1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
|
# -*- coding: utf-8 -*-
"""
test
~~~~
Flask-CORS is a simple extension to Flask allowing you to support cross
origin resource sharing (CORS) using a simple decorator.
:copyright: (c) 2016 by Cory Dolphin.
:license: MIT, see LICENSE for more details.
"""
from ..base_test import FlaskCorsTestCase
from flask import Flask
from flask_cors import *
from flask_cors.core import *
class SupportsCredentialsCase(FlaskCorsTestCase):
def setUp(self):
self.app = Flask(__name__)
@self.app.route('/test_credentials_supported')
@cross_origin(supports_credentials=True)
def test_credentials_supported():
return 'Credentials!'
@self.app.route('/test_credentials_unsupported')
@cross_origin(supports_credentials=False)
def test_credentials_unsupported():
return 'Credentials!'
@self.app.route('/test_default')
@cross_origin()
def test_default():
return 'Open!'
def test_credentials_supported(self):
''' The specified route should return the
Access-Control-Allow-Credentials header.
'''
resp = self.get('/test_credentials_supported', origin='www.example.com')
self.assertEqual(resp.headers.get(ACL_CREDENTIALS), 'true')
def test_default(self):
''' The default behavior should be to disallow credentials.
'''
resp = self.get('/test_default', origin='www.example.com')
self.assertFalse(ACL_CREDENTIALS in resp.headers)
resp = self.get('/test_default')
self.assertFalse(ACL_CREDENTIALS in resp.headers)
def test_credentials_unsupported(self):
''' The default behavior should be to disallow credentials.
'''
resp = self.get('/test_credentials_unsupported', origin='www.example.com')
self.assertFalse(ACL_CREDENTIALS in resp.headers)
resp = self.get('/test_credentials_unsupported')
self.assertFalse(ACL_CREDENTIALS in resp.headers)
if __name__ == "__main__":
unittest.main()
|
