path: root/isso/tests/test_cors.py
from __future__ import unicode_literals

try:
    import unittest2 as unittest
except ImportError:
    import unittest

from werkzeug.test import Client
from werkzeug.wrappers import Response

from isso.wsgi import CORSMiddleware, origin


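def hello_world(environ, start_response):
    """Minimal WSGI application that the tests wrap with CORSMiddleware.

    Always answers ``200 OK`` with a ``text/html`` content type and a fixed
    body; ``environ`` is not inspected.

    :param environ: WSGI environment (unused).
    :param start_response: WSGI ``start_response`` callable.
    :returns: a one-element list holding the response body as bytes.
    """
    start_response('200 OK', [('Content-Type', 'text/html')])
    # PEP 3333 requires the body iterable to yield bytestrings. This module
    # enables unicode_literals, so an unprefixed literal would be text.
    return [b"Hello, World."]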


class CORSTest(unittest.TestCase):
    """Check the CORS response headers that CORSMiddleware attaches."""

    def test_simple(self):
        """Plain GET requests carry the expected set of CORS headers."""

        allowed_origins = origin([
            "https://example.tld/",
            "http://example.tld/",
        ])
        app = CORSMiddleware(
            hello_world, origin=allowed_origins,
            allowed=("Foo", "Bar"), exposed=("Spam", ))

        client = Client(app, Response)

        rv = client.get("/", headers={"Origin": "https://example.tld"})

        # Header name -> value expected for a request from a configured origin.
        expected = (
            ("Access-Control-Allow-Origin", "https://example.tld"),
            ("Access-Control-Allow-Credentials", "true"),
            ("Access-Control-Allow-Methods", "HEAD, GET, POST, PUT, DELETE"),
            ("Access-Control-Allow-Headers", "Foo, Bar"),
            ("Access-Control-Expose-Headers", "Spam"),
        )
        for name, value in expected:
            self.assertEqual(rv.headers[name], value)

        # The plain-http origin is configured too. The same request is issued
        # twice and must be answered with that origin both times.
        for _ in range(2):
            resp = client.get("/", headers={"Origin": "http://example.tld"})
            self.assertEqual(resp.headers["Access-Control-Allow-Origin"], "http://example.tld")

        # An origin that is not configured must not be echoed back: the
        # response names https://example.tld (the first configured origin
        # here), so a browser will not hand the response to http://foo.other.
        other = client.get("/", headers={"Origin": "http://foo.other"})
        self.assertEqual(other.headers["Access-Control-Allow-Origin"], "https://example.tld")

    def test_preflight(self):
        """An OPTIONS preflight succeeds and carries the Allow-* headers."""

        allowed_origins = origin(["http://example.tld"])
        app = CORSMiddleware(hello_world, origin=allowed_origins,
                             allowed=("Foo", ), exposed=("Bar", ))
        client = Client(app, Response)

        request_headers = {"Origin": "http://example.tld"}
        rv = client.open(method="OPTIONS", path="/", headers=request_headers)
        self.assertEqual(rv.status_code, 200)

        # Only the presence of each Allow-* header is checked here; the origin
        # value itself is pinned by the final assertion.
        suffixes = ("Origin", "Headers", "Credentials", "Methods")
        for suffix in suffixes:
            self.assertIn("Access-Control-Allow-%s" % suffix, rv.headers)

        self.assertEqual(rv.headers["Access-Control-Allow-Origin"], "http://example.tld")