(t *testing.T)
| 134 | } |
| 135 | |
| 136 | func TestCORSHeaderValues(t *testing.T) { |
| 137 | // Create test config with JWT private key |
| 138 | testSeed := make([]byte, ed25519.SeedSize) |
| 139 | _, err := rand.Read(testSeed) |
| 140 | require.NoError(t, err) |
| 141 | |
| 142 | cfg := config.NewConfig() |
| 143 | cfg.JWTPrivateKey = hex.EncodeToString(testSeed) |
| 144 | |
| 145 | // Create test services |
| 146 | db := database.NewTestDB(t) |
| 147 | registryService := service.NewRegistryService(db, cfg) |
| 148 | |
| 149 | shutdownTelemetry, metrics, err := telemetry.InitMetrics("test") |
| 150 | assert.NoError(t, err) |
| 151 | defer func() { _ = shutdownTelemetry(nil) }() |
| 152 | |
| 153 | versionInfo := &v0.VersionBody{ |
| 154 | Version: "test", |
| 155 | GitCommit: "test", |
| 156 | BuildTime: "test", |
| 157 | } |
| 158 | |
| 159 | // Create server |
| 160 | _ = api.NewServer(cfg, registryService, metrics, versionInfo) |
| 161 | |
| 162 | // Test that CORS is configured with correct values |
| 163 | // This is more of a documentation test to ensure we know what CORS settings we use |
| 164 | |
| 165 | t.Run("CORS should allow all origins", func(t *testing.T) { |
| 166 | // AllowedOrigins: []string{"*"} |
| 167 | // This is tested via integration tests |
| 168 | t.Log("CORS allows all origins (*)") |
| 169 | }) |
| 170 | |
| 171 | t.Run("CORS should allow standard HTTP methods", func(t *testing.T) { |
| 172 | // AllowedMethods: GET, POST, PUT, DELETE, OPTIONS |
| 173 | t.Log("CORS allows GET, POST, PUT, DELETE, OPTIONS") |
| 174 | }) |
| 175 | |
| 176 | t.Run("CORS should allow all headers", func(t *testing.T) { |
| 177 | // AllowedHeaders: []string{"*"} |
| 178 | t.Log("CORS allows all headers (*)") |
| 179 | }) |
| 180 | |
| 181 | t.Run("CORS should not allow credentials with wildcard origin", func(t *testing.T) { |
| 182 | // AllowCredentials: false (required when origin is *) |
| 183 | t.Log("CORS does not allow credentials (required for wildcard origin)") |
| 184 | }) |
| 185 | |
| 186 | t.Run("CORS should set max age to 24 hours", func(t *testing.T) { |
| 187 | // MaxAge: 86400 (24 hours) |
| 188 | t.Log("CORS max age is 86400 seconds (24 hours)") |
| 189 | }) |
| 190 | } |
nothing calls this directly
no test coverage detected
searching dependent graphs…