MCPcopy
hub / github.com/gotify/server / TestCORSConfigOverride

Function TestCORSConfigOverride

router/router_test.go:272–316  ·  view source on GitHub ↗

We want headers in cors config to override the responseheaders config.

(t *testing.T)

Source from the content-addressed store, hash-verified

270
271// We want headers in cors config to override the responseheaders config.
272func TestCORSConfigOverride(t *testing.T) {
273 mode.Set(mode.Prod)
274 db := testdb.NewDBWithDefaultUser(t)
275 defer db.Close()
276
277 config := config.Configuration{PassStrength: 5}
278 config.Server.ResponseHeaders = map[string]string{
279 "New-Cool-Header": "Nice",
280 "Access-Control-Allow-Origin": "http://example.com/",
281 "Access-Control-Allow-Methods": "321test",
282 "Access-Control-Allow-Headers": "some-headers",
283 }
284 config.Server.Cors.AllowOrigins = []string{"http://test123.com", "aaa"}
285 config.Server.Cors.AllowMethods = []string{"GET", "OPTIONS"}
286 config.Server.Cors.AllowHeaders = []string{"Content-Type"}
287
288 g, closable := Create(db.GormDatabase,
289 &model.VersionInfo{Version: "1.0.0", BuildDate: "2018-02-20-17:30:47", Commit: "asdasds"},
290 &config,
291 )
292 server := httptest.NewServer(g)
293
294 defer func() {
295 closable()
296 server.Close()
297 }()
298
299 req, err := http.NewRequest("OPTIONS", fmt.Sprintf("%s/%s", server.URL, "version"), nil)
300 req.Header.Add("Content-Type", "application/json")
301 req.Header.Add("Origin", "http://test123.com")
302 assert.Nil(t, err)
303
304 res, err := client.Do(req)
305 assert.Nil(t, err)
306 assert.Equal(t, http.StatusNoContent, res.StatusCode)
307 assert.Equal(t, "Nice", res.Header.Get("New-Cool-Header"))
308 assert.Equal(t, "http://test123.com", res.Header.Get("Access-Control-Allow-Origin"))
309 assert.Equal(t, "GET,OPTIONS", res.Header.Get("Access-Control-Allow-Methods"))
310 assert.Equal(t, "Content-Type", res.Header.Get("Access-Control-Allow-Headers"))
311
312 req.Header.Set("Origin", "http://example.com")
313 res, err = client.Do(req)
314 assert.Nil(t, err)
315 assert.Equal(t, http.StatusForbidden, res.StatusCode)
316}
317
318func (s *IntegrationSuite) TestOptionsRequest() {
319 req := s.newRequest("OPTIONS", "version", "")

Callers

nothing calls this directly

Calls 5

SetFunction · 0.92
NewDBWithDefaultUserFunction · 0.92
CreateFunction · 0.85
DoMethod · 0.80
CloseMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…