(t *testing.T)
| 141 | } |
| 142 | |
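// TestInvalidOrigin checks that, in production mode, a request whose Origin
// header is not in the configured CORS allow-list is refused: the response
// must carry no Access-Control-Allow-Origin header and must have status 403.
func TestInvalidOrigin(t *testing.T) {
	mode.Set(mode.Prod)
	db := testdb.NewDBWithDefaultUser(t)
	defer db.Close()

	cfg := config.Configuration{PassStrength: 5}
	// The request below sends http://test1.com, which differs from the allowed
	// http://test.com by a single character.
	// "---" is presumably a filler entry that no real origin equals — TODO confirm.
	// NOTE(review): how AllowOrigins entries are matched (exact string, prefix,
	// or pattern) is not shown in this test — confirm against the router. If
	// they are treated as patterns, add cases asserting that look-alike origins
	// (the allowed host with an extra domain suffix, or with a different
	// character in place of the dot) are rejected as well.
	cfg.Server.Cors.AllowOrigins = []string{"---", "http://test.com"}

	g, closable := Create(db.GormDatabase,
		&model.VersionInfo{Version: "1.0.0", BuildDate: "2018-02-20-17:30:47", Commit: "asdasds"},
		&cfg,
	)
	server := httptest.NewServer(g)

	defer func() {
		closable()
		server.Close()
	}()

	req, err := http.NewRequest("GET", fmt.Sprintf("%s/%s", server.URL, "version"), nil)
	// Check the error before touching req: on failure req is nil and setting
	// a header on it would panic instead of reporting a test failure.
	if err != nil {
		t.Fatalf("building request: %v", err)
	}
	req.Header.Add("Origin", "http://test1.com")

	res, err := client.Do(req)
	// Stop here on a transport error: res is nil and must not be dereferenced.
	if err != nil {
		t.Fatalf("sending request: %v", err)
	}
	// Close the body so the connection is released before server.Close runs.
	defer res.Body.Close()

	// A refused origin must not be echoed back in the CORS response header.
	assert.Equal(t, "", res.Header.Get("Access-Control-Allow-Origin"))
	assert.Equal(t, http.StatusForbidden, res.StatusCode)
}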
| 171 | |
| 172 | func TestAllowedOriginFromResponseHeaders(t *testing.T) { |
| 173 | mode.Set(mode.Prod) |