(t *testing.T)
| 429 | } |
| 430 | |
| 431 | func TestCorsHeaders(t *testing.T) { |
| 432 | tests := []struct { |
| 433 | name string |
| 434 | originDomain string |
| 435 | method string |
| 436 | allowedOrigin string |
| 437 | expected bool |
| 438 | expectStatus int |
| 439 | expectAllowHeader string |
| 440 | }{ |
| 441 | { |
| 442 | name: "non-preflight request, allow any origin, missing origin header = no CORS logic done", |
| 443 | originDomain: "", |
| 444 | allowedOrigin: "*", |
| 445 | method: http.MethodGet, |
| 446 | expected: false, |
| 447 | expectStatus: http.StatusOK, |
| 448 | }, |
| 449 | { |
| 450 | name: "non-preflight request, allow any origin, specific origin domain", |
| 451 | originDomain: "http://example.com", |
| 452 | allowedOrigin: "*", |
| 453 | method: http.MethodGet, |
| 454 | expected: true, |
| 455 | expectStatus: http.StatusOK, |
| 456 | }, |
| 457 | { |
| 458 | name: "non-preflight request, allow specific origin, missing origin header = no CORS logic done", |
| 459 | originDomain: "", // Request does not have Origin header |
| 460 | allowedOrigin: "http://example.com", |
| 461 | method: http.MethodGet, |
| 462 | expected: false, |
| 463 | expectStatus: http.StatusOK, |
| 464 | }, |
| 465 | { |
| 466 | name: "non-preflight request, allow specific origin, different origin header = CORS logic failure", |
| 467 | originDomain: "http://bar.com", |
| 468 | allowedOrigin: "http://example.com", |
| 469 | method: http.MethodGet, |
| 470 | expected: false, |
| 471 | expectStatus: http.StatusOK, |
| 472 | }, |
| 473 | { |
| 474 | name: "non-preflight request, allow specific origin, matching origin header = CORS logic done", |
| 475 | originDomain: "http://example.com", |
| 476 | allowedOrigin: "http://example.com", |
| 477 | method: http.MethodGet, |
| 478 | expected: true, |
| 479 | expectStatus: http.StatusOK, |
| 480 | }, |
| 481 | { |
| 482 | name: "preflight, allow any origin, missing origin header = no CORS logic done", |
| 483 | originDomain: "", // Request does not have Origin header |
| 484 | allowedOrigin: "*", |
| 485 | method: http.MethodOptions, |
| 486 | expected: false, |
| 487 | expectStatus: http.StatusNoContent, |
| 488 | expectAllowHeader: "OPTIONS, GET, POST", |
nothing calls this directly
no test coverage detected
searching dependent graphs…