MCPcopy
hub / github.com/labstack/echo / TestCorsHeaders

Function TestCorsHeaders

middleware/cors_test.go:431–582  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

429}
430
431func TestCorsHeaders(t *testing.T) {
432 tests := []struct {
433 name string
434 originDomain string
435 method string
436 allowedOrigin string
437 expected bool
438 expectStatus int
439 expectAllowHeader string
440 }{
441 {
442 name: "non-preflight request, allow any origin, missing origin header = no CORS logic done",
443 originDomain: "",
444 allowedOrigin: "*",
445 method: http.MethodGet,
446 expected: false,
447 expectStatus: http.StatusOK,
448 },
449 {
450 name: "non-preflight request, allow any origin, specific origin domain",
451 originDomain: "http://example.com",
452 allowedOrigin: "*",
453 method: http.MethodGet,
454 expected: true,
455 expectStatus: http.StatusOK,
456 },
457 {
458 name: "non-preflight request, allow specific origin, missing origin header = no CORS logic done",
459 originDomain: "", // Request does not have Origin header
460 allowedOrigin: "http://example.com",
461 method: http.MethodGet,
462 expected: false,
463 expectStatus: http.StatusOK,
464 },
465 {
466 name: "non-preflight request, allow specific origin, different origin header = CORS logic failure",
467 originDomain: "http://bar.com",
468 allowedOrigin: "http://example.com",
469 method: http.MethodGet,
470 expected: false,
471 expectStatus: http.StatusOK,
472 },
473 {
474 name: "non-preflight request, allow specific origin, matching origin header = CORS logic done",
475 originDomain: "http://example.com",
476 allowedOrigin: "http://example.com",
477 method: http.MethodGet,
478 expected: true,
479 expectStatus: http.StatusOK,
480 },
481 {
482 name: "preflight, allow any origin, missing origin header = no CORS logic done",
483 originDomain: "", // Request does not have Origin header
484 allowedOrigin: "*",
485 method: http.MethodOptions,
486 expected: false,
487 expectStatus: http.StatusNoContent,
488 expectAllowHeader: "OPTIONS, GET, POST",

Callers

nothing calls this directly

Calls 9

CORSWithConfigFunction · 0.85
SetMethod · 0.80
ServeHTTPMethod · 0.80
UseMethod · 0.45
GETMethod · 0.45
StringMethod · 0.45
POSTMethod · 0.45
GetMethod · 0.45
HeaderMethod · 0.45

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…