goyave.dev/goyave/v5@v5.0.0-rc9.0.20240517145003-d3f977d0b9f3/cors/cors_test.go

goyave.dev/goyave/v5@v5.0.0-rc9.0.20240517145003-d3f977d0b9f3/cors/cors_test.go (about)

     1  package cors
     2  
     3  import (
     4  	"net/http"
     5  	"testing"
     6  	"time"
     7  
     8  	"github.com/stretchr/testify/assert"
     9  )
    10  
    11  func TestConfigureMaxAge(t *testing.T) {
    12  	options := Default()
    13  	headers := http.Header{}
    14  
    15  	options.configureMaxAge(headers)
    16  	assert.Equal(t, "43200", headers.Get("Access-Control-Max-Age"))
    17  
    18  	options.MaxAge = 5 * time.Second
    19  	options.configureMaxAge(headers)
    20  	assert.Equal(t, "5", headers.Get("Access-Control-Max-Age"))
    21  
    22  	options.MaxAge = 6*time.Second + 500*time.Millisecond
    23  	options.configureMaxAge(headers)
    24  	assert.Equal(t, "6", headers.Get("Access-Control-Max-Age"))
    25  }
    26  
    27  func TestConfigureAllowedHeaders(t *testing.T) {
    28  	options := Default()
    29  	headers := http.Header{}
    30  	requestHeaders := http.Header{}
    31  
    32  	options.configureAllowedHeaders(headers, requestHeaders)
    33  	assert.Equal(t, "Origin, Accept, Content-Type, X-Requested-With, Authorization", headers.Get("Access-Control-Allow-Headers"))
    34  
    35  	options.AllowedHeaders = []string{}
    36  	requestHeaders.Set("Access-Control-Request-Headers", "Accept, Origin")
    37  
    38  	options.configureAllowedHeaders(headers, requestHeaders)
    39  	assert.Equal(t, "Accept, Origin", headers.Get("Access-Control-Allow-Headers"))
    40  	assert.Equal(t, "Access-Control-Request-Headers", headers.Get("Vary"))
    41  }
    42  
    43  func TestConfigureAllowedMethods(t *testing.T) {
    44  	options := Default()
    45  	options.AllowedMethods = []string{http.MethodGet, http.MethodPost}
    46  	headers := http.Header{}
    47  
    48  	options.configureAllowedMethods(headers)
    49  	assert.Equal(t, "GET, POST", headers.Get("Access-Control-Allow-Methods"))
    50  }
    51  
    52  func TestConfigureExposedHeaders(t *testing.T) {
    53  	options := Default()
    54  	headers := http.Header{}
    55  
    56  	options.configureExposedHeaders(headers)
    57  	assert.Empty(t, headers.Get("Access-Control-Expose-Headers"))
    58  
    59  	options.ExposedHeaders = []string{"Content-Type", "Accept"}
    60  	options.configureExposedHeaders(headers)
    61  	assert.Equal(t, "Content-Type, Accept", headers.Get("Access-Control-Expose-Headers"))
    62  }
    63  
    64  func TestConfigureCredentials(t *testing.T) {
    65  	options := Default()
    66  	headers := http.Header{}
    67  
    68  	options.configureCredentials(headers)
    69  	assert.Empty(t, headers.Get("Access-Control-Allow-Credentials"))
    70  
    71  	options.AllowCredentials = true
    72  	options.configureCredentials(headers)
    73  	assert.Equal(t, "true", headers.Get("Access-Control-Allow-Credentials"))
    74  }
    75  
    76  func TestConfigureOrigin(t *testing.T) {
    77  	options := Default()
    78  	headers := http.Header{}
    79  	requestHeaders := http.Header{}
    80  
    81  	options.configureOrigin(headers, requestHeaders)
    82  	assert.Equal(t, "*", headers.Get("Access-Control-Allow-Origin"))
    83  
    84  	headers = http.Header{}
    85  	requestHeaders = http.Header{"Origin": {"https://google.com"}}
    86  	options.AllowedOrigins = []string{"https://google.com", "https://images.google.com"}
    87  
    88  	options.configureOrigin(headers, requestHeaders)
    89  	assert.Equal(t, "https://google.com", headers.Get("Access-Control-Allow-Origin"))
    90  	assert.Equal(t, "Origin", headers.Get("Vary"))
    91  
    92  	headers = http.Header{}
    93  	requestHeaders = http.Header{"Origin": {"https://systemglitch.me"}}
    94  	options.configureOrigin(headers, requestHeaders)
    95  	assert.Empty(t, headers.Get("Access-Control-Allow-Origin"))
    96  	assert.Equal(t, "Origin", headers.Get("Vary"))
    97  }
    98  
    99  func TestConfigureCommon(t *testing.T) {
   100  	options := Default()
   101  	options.AllowCredentials = true
   102  	options.AllowedOrigins = []string{"https://google.com", "https://images.google.com"}
   103  	options.ExposedHeaders = []string{"Accept", "Content-Type"}
   104  	headers := http.Header{}
   105  	requestHeaders := http.Header{"Origin": {"https://images.google.com"}}
   106  
   107  	options.ConfigureCommon(headers, requestHeaders)
   108  	assert.Equal(t, "https://images.google.com", headers.Get("Access-Control-Allow-Origin"))
   109  	assert.Equal(t, "Origin", headers.Get("Vary"))
   110  	assert.Equal(t, "true", headers.Get("Access-Control-Allow-Credentials"))
   111  	assert.Equal(t, "Accept, Content-Type", headers.Get("Access-Control-Expose-Headers"))
   112  }
   113  
   114  func TestPreflight(t *testing.T) {
   115  	options := Default()
   116  	options.AllowedMethods = []string{http.MethodGet, http.MethodPut}
   117  	options.MaxAge = 42 * time.Second
   118  	headers := http.Header{}
   119  	requestHeaders := http.Header{}
   120  
   121  	options.HandlePreflight(headers, requestHeaders)
   122  	assert.Equal(t, "GET, PUT", headers.Get("Access-Control-Allow-Methods"))
   123  	assert.Equal(t, "Origin, Accept, Content-Type, X-Requested-With, Authorization", headers.Get("Access-Control-Allow-Headers"))
   124  	assert.Equal(t, "42", headers.Get("Access-Control-Max-Age"))
   125  }