We want headers in cors config to override the responseheaders config.
(t *testing.T)
| 270 | |
| 271 | // We want headers in cors config to override the responseheaders config. |
| 272 | func TestCORSConfigOverride(t *testing.T) { |
| 273 | mode.Set(mode.Prod) |
| 274 | db := testdb.NewDBWithDefaultUser(t) |
| 275 | defer db.Close() |
| 276 | |
| 277 | config := config.Configuration{PassStrength: 5} |
| 278 | config.Server.ResponseHeaders = map[string]string{ |
| 279 | "New-Cool-Header": "Nice", |
| 280 | "Access-Control-Allow-Origin": "http://example.com/", |
| 281 | "Access-Control-Allow-Methods": "321test", |
| 282 | "Access-Control-Allow-Headers": "some-headers", |
| 283 | } |
| 284 | config.Server.Cors.AllowOrigins = []string{"http://test123.com", "aaa"} |
| 285 | config.Server.Cors.AllowMethods = []string{"GET", "OPTIONS"} |
| 286 | config.Server.Cors.AllowHeaders = []string{"Content-Type"} |
| 287 | |
| 288 | g, closable := Create(db.GormDatabase, |
| 289 | &model.VersionInfo{Version: "1.0.0", BuildDate: "2018-02-20-17:30:47", Commit: "asdasds"}, |
| 290 | &config, |
| 291 | ) |
| 292 | server := httptest.NewServer(g) |
| 293 | |
| 294 | defer func() { |
| 295 | closable() |
| 296 | server.Close() |
| 297 | }() |
| 298 | |
| 299 | req, err := http.NewRequest("OPTIONS", fmt.Sprintf("%s/%s", server.URL, "version"), nil) |
| 300 | req.Header.Add("Content-Type", "application/json") |
| 301 | req.Header.Add("Origin", "http://test123.com") |
| 302 | assert.Nil(t, err) |
| 303 | |
| 304 | res, err := client.Do(req) |
| 305 | assert.Nil(t, err) |
| 306 | assert.Equal(t, http.StatusNoContent, res.StatusCode) |
| 307 | assert.Equal(t, "Nice", res.Header.Get("New-Cool-Header")) |
| 308 | assert.Equal(t, "http://test123.com", res.Header.Get("Access-Control-Allow-Origin")) |
| 309 | assert.Equal(t, "GET,OPTIONS", res.Header.Get("Access-Control-Allow-Methods")) |
| 310 | assert.Equal(t, "Content-Type", res.Header.Get("Access-Control-Allow-Headers")) |
| 311 | |
| 312 | req.Header.Set("Origin", "http://example.com") |
| 313 | res, err = client.Do(req) |
| 314 | assert.Nil(t, err) |
| 315 | assert.Equal(t, http.StatusForbidden, res.StatusCode) |
| 316 | } |
| 317 | |
| 318 | func (s *IntegrationSuite) TestOptionsRequest() { |
| 319 | req := s.newRequest("OPTIONS", "version", "") |
nothing calls this directly
no test coverage detected
searching dependent graphs…