| 4 | |
| 5 | |
| 6 | def test_cors(): |
| 7 | client = TestClient(app) |
| 8 | # Test pre-flight response |
| 9 | headers = { |
| 10 | "Origin": "https://localhost.tiangolo.com", |
| 11 | "Access-Control-Request-Method": "GET", |
| 12 | "Access-Control-Request-Headers": "X-Example", |
| 13 | } |
| 14 | response = client.options("/", headers=headers) |
| 15 | assert response.status_code == 200, response.text |
| 16 | assert response.text == "OK" |
| 17 | assert ( |
| 18 | response.headers["access-control-allow-origin"] |
| 19 | == "https://localhost.tiangolo.com" |
| 20 | ) |
| 21 | assert response.headers["access-control-allow-headers"] == "X-Example" |
| 22 | |
| 23 | # Test standard response |
| 24 | headers = {"Origin": "https://localhost.tiangolo.com"} |
| 25 | response = client.get("/", headers=headers) |
| 26 | assert response.status_code == 200, response.text |
| 27 | assert response.json() == {"message": "Hello World"} |
| 28 | assert ( |
| 29 | response.headers["access-control-allow-origin"] |
| 30 | == "https://localhost.tiangolo.com" |
| 31 | ) |
| 32 | |
| 33 | # Test non-CORS response |
| 34 | response = client.get("/") |
| 35 | assert response.status_code == 200, response.text |
| 36 | assert response.json() == {"message": "Hello World"} |
| 37 | assert "access-control-allow-origin" not in response.headers |