github.com/Jeffail/benthos/v3@v3.65.0/lib/api/api_test.go (about) 1 package api 2 3 import ( 4 "net/http" 5 "net/http/httptest" 6 "testing" 7 8 "github.com/Jeffail/benthos/v3/lib/log" 9 "github.com/Jeffail/benthos/v3/lib/metrics" 10 "github.com/stretchr/testify/assert" 11 "github.com/stretchr/testify/require" 12 ) 13 14 func TestAPIEnableCORS(t *testing.T) { 15 conf := NewConfig() 16 conf.CORS.Enabled = true 17 conf.CORS.AllowedOrigins = []string{"*"} 18 19 s, err := New("", "", conf, nil, log.Noop(), metrics.Noop()) 20 require.NoError(t, err) 21 22 handler := s.server.Handler 23 24 request, _ := http.NewRequest("OPTIONS", "/version", http.NoBody) 25 request.Header.Add("Origin", "meow") 26 request.Header.Add("Access-Control-Request-Method", "POST") 27 28 response := httptest.NewRecorder() 29 handler.ServeHTTP(response, request) 30 31 assert.Equal(t, http.StatusOK, response.Code) 32 assert.Equal(t, "*", response.Header().Get("Access-Control-Allow-Origin")) 33 } 34 35 func TestAPIEnableCORSOrigins(t *testing.T) { 36 conf := NewConfig() 37 conf.CORS.Enabled = true 38 conf.CORS.AllowedOrigins = []string{"foo", "bar"} 39 40 s, err := New("", "", conf, nil, log.Noop(), metrics.Noop()) 41 require.NoError(t, err) 42 43 handler := s.server.Handler 44 45 request, _ := http.NewRequest("OPTIONS", "/version", http.NoBody) 46 request.Header.Add("Origin", "foo") 47 request.Header.Add("Access-Control-Request-Method", "POST") 48 49 response := httptest.NewRecorder() 50 handler.ServeHTTP(response, request) 51 52 assert.Equal(t, http.StatusOK, response.Code) 53 assert.Equal(t, "foo", response.Header().Get("Access-Control-Allow-Origin")) 54 55 request, _ = http.NewRequest("OPTIONS", "/version", http.NoBody) 56 request.Header.Add("Origin", "bar") 57 request.Header.Add("Access-Control-Request-Method", "POST") 58 59 response = httptest.NewRecorder() 60 handler.ServeHTTP(response, request) 61 62 assert.Equal(t, http.StatusOK, response.Code) 63 assert.Equal(t, "bar", response.Header().Get("Access-Control-Allow-Origin")) 64 65 request, _ = http.NewRequest("OPTIONS", "/version", http.NoBody) 66 request.Header.Add("Origin", "baz") 67 request.Header.Add("Access-Control-Request-Method", "POST") 68 69 response = httptest.NewRecorder() 70 handler.ServeHTTP(response, request) 71 72 assert.Equal(t, http.StatusOK, response.Code) 73 assert.Equal(t, "", response.Header().Get("Access-Control-Allow-Origin")) 74 } 75 76 func TestAPIEnableCORSNoHeaders(t *testing.T) { 77 conf := NewConfig() 78 conf.CORS.Enabled = true 79 80 _, err := New("", "", conf, nil, log.Noop(), metrics.Noop()) 81 require.Error(t, err) 82 assert.Contains(t, err.Error(), "must specify at least one allowed origin") 83 }