github.com/gogf/gf@v1.16.9/net/ghttp/ghttp_unit_middleware_cors_test.go (about) 1 // Copyright GoFrame Author(https://goframe.org). All Rights Reserved. 2 // 3 // This Source Code Form is subject to the terms of the MIT License. 4 // If a copy of the MIT was not distributed with this file, 5 // You can obtain one at https://github.com/gogf/gf. 6 7 package ghttp_test 8 9 import ( 10 "fmt" 11 "github.com/gogf/gf/frame/g" 12 "github.com/gogf/gf/net/ghttp" 13 "github.com/gogf/gf/test/gtest" 14 "testing" 15 "time" 16 ) 17 18 func Test_Middleware_CORS1(t *testing.T) { 19 p, _ := ports.PopRand() 20 s := g.Server(p) 21 s.Group("/api.v2", func(group *ghttp.RouterGroup) { 22 group.Middleware(MiddlewareCORS) 23 group.POST("/user/list", func(r *ghttp.Request) { 24 r.Response.Write("list") 25 }) 26 }) 27 s.SetPort(p) 28 s.SetDumpRouterMap(false) 29 s.Start() 30 defer s.Shutdown() 31 time.Sleep(100 * time.Millisecond) 32 gtest.C(t, func(t *gtest.T) { 33 client := g.Client() 34 client.SetPrefix(fmt.Sprintf("http://127.0.0.1:%d", p)) 35 // Common Checks. 36 t.Assert(client.GetContent("/"), "Not Found") 37 t.Assert(client.GetContent("/api.v2"), "Not Found") 38 39 // GET request does not any route. 40 resp, err := client.Get("/api.v2/user/list") 41 t.Assert(err, nil) 42 t.Assert(len(resp.Header["Access-Control-Allow-Headers"]), 0) 43 t.Assert(resp.StatusCode, 404) 44 resp.Close() 45 46 // POST request matches the route and CORS middleware. 47 resp, err = client.Post("/api.v2/user/list") 48 t.Assert(err, nil) 49 t.Assert(len(resp.Header["Access-Control-Allow-Headers"]), 1) 50 t.Assert(resp.Header["Access-Control-Allow-Headers"][0], "Origin,Content-Type,Accept,User-Agent,Cookie,Authorization,X-Auth-Token,X-Requested-With") 51 t.Assert(resp.Header["Access-Control-Allow-Methods"][0], "GET,PUT,POST,DELETE,PATCH,HEAD,CONNECT,OPTIONS,TRACE") 52 t.Assert(resp.Header["Access-Control-Allow-Origin"][0], "*") 53 t.Assert(resp.Header["Access-Control-Max-Age"][0], "3628800") 54 resp.Close() 55 }) 56 // OPTIONS GET 57 gtest.C(t, func(t *gtest.T) { 58 client := g.Client() 59 client.SetPrefix(fmt.Sprintf("http://127.0.0.1:%d", p)) 60 client.SetHeader("Access-Control-Request-Method", "GET") 61 resp, err := client.Options("/api.v2/user/list") 62 t.Assert(err, nil) 63 t.Assert(len(resp.Header["Access-Control-Allow-Headers"]), 0) 64 t.Assert(resp.ReadAllString(), "Not Found") 65 t.Assert(resp.StatusCode, 404) 66 resp.Close() 67 }) 68 // OPTIONS POST 69 gtest.C(t, func(t *gtest.T) { 70 client := g.Client() 71 client.SetPrefix(fmt.Sprintf("http://127.0.0.1:%d", p)) 72 client.SetHeader("Access-Control-Request-Method", "POST") 73 resp, err := client.Options("/api.v2/user/list") 74 t.Assert(err, nil) 75 t.Assert(len(resp.Header["Access-Control-Allow-Headers"]), 1) 76 t.Assert(resp.StatusCode, 200) 77 resp.Close() 78 }) 79 } 80 81 func Test_Middleware_CORS2(t *testing.T) { 82 p, _ := ports.PopRand() 83 s := g.Server(p) 84 s.Group("/api.v2", func(group *ghttp.RouterGroup) { 85 group.Middleware(MiddlewareCORS) 86 group.GET("/user/list/{type}", func(r *ghttp.Request) { 87 r.Response.Write(r.Get("type")) 88 }) 89 }) 90 s.SetPort(p) 91 s.SetDumpRouterMap(false) 92 s.Start() 93 defer s.Shutdown() 94 time.Sleep(100 * time.Millisecond) 95 gtest.C(t, func(t *gtest.T) { 96 client := g.Client() 97 client.SetPrefix(fmt.Sprintf("http://127.0.0.1:%d", p)) 98 // Common Checks. 99 t.Assert(client.GetContent("/"), "Not Found") 100 t.Assert(client.GetContent("/api.v2"), "Not Found") 101 // Get request. 102 resp, err := client.Get("/api.v2/user/list/1") 103 t.Assert(err, nil) 104 t.Assert(len(resp.Header["Access-Control-Allow-Headers"]), 1) 105 t.Assert(resp.Header["Access-Control-Allow-Headers"][0], "Origin,Content-Type,Accept,User-Agent,Cookie,Authorization,X-Auth-Token,X-Requested-With") 106 t.Assert(resp.Header["Access-Control-Allow-Methods"][0], "GET,PUT,POST,DELETE,PATCH,HEAD,CONNECT,OPTIONS,TRACE") 107 t.Assert(resp.Header["Access-Control-Allow-Origin"][0], "*") 108 t.Assert(resp.Header["Access-Control-Max-Age"][0], "3628800") 109 t.Assert(resp.ReadAllString(), "1") 110 resp.Close() 111 }) 112 // OPTIONS GET None. 113 gtest.C(t, func(t *gtest.T) { 114 client := g.Client() 115 client.SetPrefix(fmt.Sprintf("http://127.0.0.1:%d", p)) 116 client.SetHeader("Access-Control-Request-Method", "GET") 117 resp, err := client.Options("/api.v2/user") 118 t.Assert(err, nil) 119 t.Assert(len(resp.Header["Access-Control-Allow-Headers"]), 0) 120 t.Assert(resp.StatusCode, 404) 121 resp.Close() 122 }) 123 // OPTIONS GET 124 gtest.C(t, func(t *gtest.T) { 125 client := g.Client() 126 client.SetPrefix(fmt.Sprintf("http://127.0.0.1:%d", p)) 127 client.SetHeader("Access-Control-Request-Method", "GET") 128 resp, err := client.Options("/api.v2/user/list/1") 129 t.Assert(err, nil) 130 t.Assert(len(resp.Header["Access-Control-Allow-Headers"]), 1) 131 t.Assert(resp.StatusCode, 200) 132 resp.Close() 133 }) 134 // OPTIONS POST 135 gtest.C(t, func(t *gtest.T) { 136 client := g.Client() 137 client.SetPrefix(fmt.Sprintf("http://127.0.0.1:%d", p)) 138 client.SetHeader("Access-Control-Request-Method", "POST") 139 resp, err := client.Options("/api.v2/user/list/1") 140 t.Assert(err, nil) 141 t.Assert(len(resp.Header["Access-Control-Allow-Headers"]), 0) 142 t.Assert(resp.StatusCode, 404) 143 resp.Close() 144 }) 145 }