MCPcopy
hub / github.com/github/github-mcp-server / TestSetCorsHeaders

Function TestSetCorsHeaders

pkg/http/middleware/cors_test.go:12–45  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

10)
11
12func TestSetCorsHeaders(t *testing.T) {
13 inner := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
14 w.WriteHeader(http.StatusOK)
15 })
16 handler := middleware.SetCorsHeaders(inner)
17
18 t.Run("OPTIONS preflight returns 200 with CORS headers", func(t *testing.T) {
19 req := httptest.NewRequest(http.MethodOptions, "/", nil)
20 req.Header.Set("Origin", "http://localhost:6274")
21 rr := httptest.NewRecorder()
22 handler.ServeHTTP(rr, req)
23
24 assert.Equal(t, http.StatusOK, rr.Code)
25 assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin"))
26 assert.Contains(t, rr.Header().Get("Access-Control-Allow-Methods"), "POST")
27 assert.Contains(t, rr.Header().Get("Access-Control-Allow-Headers"), "Authorization")
28 assert.Contains(t, rr.Header().Get("Access-Control-Allow-Headers"), "Content-Type")
29 assert.Contains(t, rr.Header().Get("Access-Control-Allow-Headers"), "Mcp-Session-Id")
30 assert.Contains(t, rr.Header().Get("Access-Control-Allow-Headers"), "X-MCP-Lockdown")
31 assert.Contains(t, rr.Header().Get("Access-Control-Allow-Headers"), "X-MCP-Insiders")
32 assert.Contains(t, rr.Header().Get("Access-Control-Expose-Headers"), "Mcp-Session-Id")
33 assert.Contains(t, rr.Header().Get("Access-Control-Expose-Headers"), "WWW-Authenticate")
34 })
35
36 t.Run("POST request includes CORS headers", func(t *testing.T) {
37 req := httptest.NewRequest(http.MethodPost, "/", nil)
38 req.Header.Set("Origin", "http://localhost:6274")
39 rr := httptest.NewRecorder()
40 handler.ServeHTTP(rr, req)
41
42 assert.Equal(t, http.StatusOK, rr.Code)
43 assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin"))
44 })
45}

Callers

nothing calls this directly

Calls 4

SetCorsHeadersFunction · 0.92
WriteHeaderMethod · 0.80
ServeHTTPMethod · 0.80
HeaderMethod · 0.80

Tested by

no test coverage detected