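// Source listing: gobot.io/x/gobot@v1.16.0/api/cors_test.go

package api

import (
	"net/http"
	"net/http/httptest"
	"testing"

	"gobot.io/x/gobot/gobottest"
)

// TestCORSIsOriginAllowed exercises isOriginAllowed against four allow-list
// shapes: the catch-all "*", a single exact origin, a mix of a port wildcard
// and an exact origin, and a subdomain wildcard.
//
// NOTE(review): the wildcard cases only assert origins that are clearly inside
// or clearly outside the allow-list. No near-miss negatives are asserted (for
// example an origin whose host merely ends in "server.com" without the dot
// boundary, or one that only starts with an allowed prefix). How
// isOriginAllowed treats those is not shown in this file, so confirm the
// pattern matching is anchored before relying on wildcard entries.
func TestCORSIsOriginAllowed(t *testing.T) {
	// "*" is the allow-everything policy: every origin must be accepted.
	cors := &CORS{AllowOrigins: []string{"*"}}
	cors.generatePatterns()

	gobottest.Assert(t, cors.isOriginAllowed("http://localhost:8000"), true)
	gobottest.Assert(t, cors.isOriginAllowed("http://localhost:3001"), true)
	gobottest.Assert(t, cors.isOriginAllowed("http://server.com"), true)

	// A single exact origin: same host on another port and any other host
	// must both be rejected.
	cors = &CORS{AllowOrigins: []string{"http://localhost:8000"}}
	cors.generatePatterns()

	gobottest.Assert(t, cors.isOriginAllowed("http://localhost:8000"), true)
	gobottest.Assert(t, cors.isOriginAllowed("http://localhost:3001"), false)
	gobottest.Assert(t, cors.isOriginAllowed("http://server.com"), false)

	// Several entries, one of them a port wildcard.
	cors = &CORS{AllowOrigins: []string{"http://localhost:*", "http://server.com"}}
	cors.generatePatterns()

	gobottest.Assert(t, cors.isOriginAllowed("http://localhost:8000"), true)
	gobottest.Assert(t, cors.isOriginAllowed("http://localhost:3001"), true)
	gobottest.Assert(t, cors.isOriginAllowed("http://server.com"), true)

	// A subdomain wildcard: only hosts under server.com are accepted.
	cors = &CORS{AllowOrigins: []string{"http://*.server.com"}}
	cors.generatePatterns()

	gobottest.Assert(t, cors.isOriginAllowed("http://localhost:8000"), false)
	gobottest.Assert(t, cors.isOriginAllowed("http://localhost:3001"), false)
	gobottest.Assert(t, cors.isOriginAllowed("http://foo.server.com"), true)
	gobottest.Assert(t, cors.isOriginAllowed("http://api.server.com"), true)
}

// TestCORSAllowedHeaders checks that AllowedHeaders returns the configured
// header names joined with commas.
func TestCORSAllowedHeaders(t *testing.T) {
	cors := &CORS{AllowOrigins: []string{"*"}, AllowHeaders: []string{"Header1", "Header2"}}

	gobottest.Assert(t, cors.AllowedHeaders(), "Header1,Header2")
}

// TestCORSAllowedMethods checks that AllowedMethods returns the configured
// methods joined with commas and reflects a later change to AllowMethods.
func TestCORSAllowedMethods(t *testing.T) {
	cors := &CORS{AllowOrigins: []string{"*"}, AllowMethods: []string{"GET", "POST"}}

	gobottest.Assert(t, cors.AllowedMethods(), "GET,POST")

	cors.AllowMethods = []string{"GET", "POST", "PUT"}

	gobottest.Assert(t, cors.AllowedMethods(), "GET,POST,PUT")
}

// TestCORS drives the API handler end to end with AllowRequestsFrom restricted
// to one origin. It checks that the allowed origin is echoed back in
// Access-Control-Allow-Origin and that a request from any other origin is not
// granted that header.
func TestCORS(t *testing.T) {
	const allowOriginHeader = "Access-Control-Allow-Origin"

	a := initTestAPI()

	// Accepted origin: the response must carry exactly the request's origin.
	allowedOrigin := []string{"http://server.com"}
	a.AddHandler(AllowRequestsFrom(allowedOrigin[0]))

	request, err := http.NewRequest(http.MethodGet, "/api/", nil)
	if err != nil {
		t.Fatalf("building request for allowed origin: %v", err)
	}
	request.Header.Set("Origin", allowedOrigin[0])
	response := httptest.NewRecorder()
	a.ServeHTTP(response, request)
	gobottest.Assert(t, response.Header()[allowOriginHeader], allowedOrigin)

	// Origin outside the allow-list: the response must not grant it access.
	disallowedOrigin := []string{"http://disallowed.com"}
	request, err = http.NewRequest(http.MethodGet, "/api/", nil)
	if err != nil {
		t.Fatalf("building request for disallowed origin: %v", err)
	}
	request.Header.Set("Origin", disallowedOrigin[0])
	response = httptest.NewRecorder()
	a.ServeHTTP(response, request)
	gobottest.Refute(t, response.Header()[allowOriginHeader], disallowedOrigin)
	gobottest.Refute(t, response.Header()[allowOriginHeader], allowedOrigin)
	// Refuting only the two known origins would let a wildcard reply pass
	// unnoticed; with a one-entry allow-list, "*" here would be a policy
	// bypass, so it is refuted explicitly.
	gobottest.Refute(t, response.Header()[allowOriginHeader], []string{"*"})
}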