MCPcopy
hub / github.com/modelcontextprotocol/registry / TestCORSHeaderValues

Function TestCORSHeaderValues

internal/api/cors_test.go:136–190  ·  view source on GitHub ↗
(t *testing.T)

Source from the content-addressed store, hash-verified

134}
135
136func TestCORSHeaderValues(t *testing.T) {
137 // Create test config with JWT private key
138 testSeed := make([]byte, ed25519.SeedSize)
139 _, err := rand.Read(testSeed)
140 require.NoError(t, err)
141
142 cfg := config.NewConfig()
143 cfg.JWTPrivateKey = hex.EncodeToString(testSeed)
144
145 // Create test services
146 db := database.NewTestDB(t)
147 registryService := service.NewRegistryService(db, cfg)
148
149 shutdownTelemetry, metrics, err := telemetry.InitMetrics("test")
150 assert.NoError(t, err)
151 defer func() { _ = shutdownTelemetry(nil) }()
152
153 versionInfo := &v0.VersionBody{
154 Version: "test",
155 GitCommit: "test",
156 BuildTime: "test",
157 }
158
159 // Create server
160 _ = api.NewServer(cfg, registryService, metrics, versionInfo)
161
162 // Test that CORS is configured with correct values
163 // This is more of a documentation test to ensure we know what CORS settings we use
164
165 t.Run("CORS should allow all origins", func(t *testing.T) {
166 // AllowedOrigins: []string{"*"}
167 // This is tested via integration tests
168 t.Log("CORS allows all origins (*)")
169 })
170
171 t.Run("CORS should allow standard HTTP methods", func(t *testing.T) {
172 // AllowedMethods: GET, POST, PUT, DELETE, OPTIONS
173 t.Log("CORS allows GET, POST, PUT, DELETE, OPTIONS")
174 })
175
176 t.Run("CORS should allow all headers", func(t *testing.T) {
177 // AllowedHeaders: []string{"*"}
178 t.Log("CORS allows all headers (*)")
179 })
180
181 t.Run("CORS should not allow credentials with wildcard origin", func(t *testing.T) {
182 // AllowCredentials: false (required when origin is *)
183 t.Log("CORS does not allow credentials (required for wildcard origin)")
184 })
185
186 t.Run("CORS should set max age to 24 hours", func(t *testing.T) {
187 // MaxAge: 86400 (24 hours)
188 t.Log("CORS max age is 86400 seconds (24 hours)")
189 })
190}

Callers

nothing calls this directly

Calls 5

NewConfigFunction · 0.92
NewTestDBFunction · 0.92
NewRegistryServiceFunction · 0.92
InitMetricsFunction · 0.92
NewServerFunction · 0.92

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…