MCPcopy
hub / github.com/gotify/server / TestInvalidOrigin

Function TestInvalidOrigin

router/router_test.go:143–170  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

141}
142
143func TestInvalidOrigin(t *testing.T) {
144 mode.Set(mode.Prod)
145 db := testdb.NewDBWithDefaultUser(t)
146 defer db.Close()
147
148 config := config.Configuration{PassStrength: 5}
149 config.Server.Cors.AllowOrigins = []string{"---", "http://test.com"}
150
151 g, closable := Create(db.GormDatabase,
152 &model.VersionInfo{Version: "1.0.0", BuildDate: "2018-02-20-17:30:47", Commit: "asdasds"},
153 &config,
154 )
155 server := httptest.NewServer(g)
156
157 defer func() {
158 closable()
159 server.Close()
160 }()
161
162 req, err := http.NewRequest("GET", fmt.Sprintf("%s/%s", server.URL, "version"), nil)
163 req.Header.Add("Origin", "http://test1.com")
164 assert.Nil(t, err)
165
166 res, err := client.Do(req)
167 assert.Nil(t, err)
168 assert.Equal(t, "", res.Header.Get("Access-Control-Allow-Origin"))
169 assert.Equal(t, http.StatusForbidden, res.StatusCode)
170}
171
172func TestAllowedOriginFromResponseHeaders(t *testing.T) {
173 mode.Set(mode.Prod)

Callers

nothing calls this directly

Calls 5

SetFunction · 0.92
NewDBWithDefaultUserFunction · 0.92
CreateFunction · 0.85
DoMethod · 0.80
CloseMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…