github.com/hechain20/hechain@v0.0.0-20220316014945-b544036ba106/internal/configtxlator/integration/cors_test.go (about) 1 /* 2 Copyright hechain. All Rights Reserved. 3 4 SPDX-License-Identifier: Apache-2.0 5 */ 6 7 package integration_test 8 9 import ( 10 "fmt" 11 "io" 12 "net/http" 13 "os/exec" 14 "regexp" 15 "syscall" 16 17 . "github.com/onsi/ginkgo" 18 . "github.com/onsi/gomega" 19 "github.com/onsi/gomega/gbytes" 20 "github.com/onsi/gomega/gexec" 21 ) 22 23 var _ = Describe("CORS", func() { 24 var ( 25 sess *gexec.Session 26 req *http.Request 27 28 // runServer starts the server on an ephemeral port, then creates a CORS request 29 // targeting that same server (but does not send it), it must be invoked inside 30 // the BeforeEach of each test 31 runServer func(args ...string) 32 ) 33 34 BeforeEach(func() { 35 runServer = func(args ...string) { 36 cmd := exec.Command(configtxlatorPath, args...) 37 var err error 38 errBuffer := gbytes.NewBuffer() 39 sess, err = gexec.Start(cmd, GinkgoWriter, io.MultiWriter(errBuffer, GinkgoWriter)) 40 Expect(err).NotTo(HaveOccurred()) 41 Consistently(sess.Exited).ShouldNot(BeClosed()) 42 Eventually(errBuffer).Should(gbytes.Say("Serving HTTP requests on 127.0.0.1:")) 43 address := regexp.MustCompile("127.0.0.1:[0-9]+").FindString(string(errBuffer.Contents())) 44 Expect(address).NotTo(BeEmpty()) 45 46 req, err = http.NewRequest("OPTIONS", fmt.Sprintf("http://%s/protolator/encode/common.Block", address), nil) 47 Expect(err).NotTo(HaveOccurred()) 48 req.Header.Add("Origin", "http://foo.com") 49 req.Header.Add("Access-Control-Request-Method", "POST") 50 req.Header.Add("Access-Control-Request-Headers", "Content-Type") 51 } 52 }) 53 54 AfterEach(func() { 55 sess.Signal(syscall.SIGKILL) 56 Eventually(sess.Exited).Should(BeClosed()) 57 Expect(sess.ExitCode()).To(Equal(137)) 58 }) 59 60 Context("when CORS options are not provided", func() { 61 BeforeEach(func() { 62 runServer("start", "--hostname", "127.0.0.1", "--port", "0") 63 }) 64 65 It("rejects CORS OPTIONS requests", func() { 66 resp, err := http.DefaultClient.Do(req) 67 Expect(err).NotTo(HaveOccurred()) 68 Expect(resp.StatusCode).To(Equal(http.StatusMethodNotAllowed)) 69 }) 70 }) 71 72 Context("when the CORS wildcard is provided", func() { 73 BeforeEach(func() { 74 runServer("start", "--hostname", "127.0.0.1", "--port", "0", "--CORS", "*") 75 }) 76 77 It("it allows CORS requests from any domain", func() { 78 resp, err := http.DefaultClient.Do(req) 79 Expect(err).NotTo(HaveOccurred()) 80 Expect(resp.Header.Get("Access-Control-Allow-Origin")).To(Equal("*")) 81 Expect(resp.Header.Get("Access-Control-Allow-Headers")).To(Equal("Content-Type")) 82 Expect(resp.StatusCode).To(Equal(http.StatusOK)) 83 }) 84 }) 85 86 Context("when multiple CORS options are provided", func() { 87 BeforeEach(func() { 88 runServer("start", "--hostname", "127.0.0.1", "--port", "0", "--CORS", "http://foo.com", "--CORS", "http://bar.com") 89 }) 90 91 It("it allows CORS requests from any of them", func() { 92 resp, err := http.DefaultClient.Do(req) 93 Expect(err).NotTo(HaveOccurred()) 94 Expect(resp.Header.Get("Access-Control-Allow-Origin")).To(Equal("http://foo.com")) 95 Expect(resp.Header.Get("Access-Control-Allow-Headers")).To(Equal("Content-Type")) 96 Expect(resp.StatusCode).To(Equal(http.StatusOK)) 97 }) 98 }) 99 })