forked from corydolphin/flask-cors
/
test.py
88 lines (75 loc) · 3.41 KB
/
test.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
try:
import unittest2 as unittest
except ImportError:
import unittest
from flask import Flask
try:
from flask_cors import cross_origin # support local usage without installed package
except:
from flask.ext.cors import cross_origin # this is how you would normally import
AccessControlAllowOrigin = 'Access-Control-Allow-Origin'
class FlaskCorsTestCase(unittest.TestCase):
def iter_verbs(self,c):
''' A simple helper method to iterate through a range of
HTTP Verbs and return the test_client bound instance,
keeping writing our tests as DRY as possible.
'''
for verb in ['get', 'head','options']:
yield getattr(c,verb)
class DefaultsTestCase(FlaskCorsTestCase):
def setUp(self):
self.app = Flask(__name__)
@self.app.route('/', methods=['GET','OPTIONS'])
@cross_origin()
def wildcard():
return 'Welcome!'
def test_wildcard_defaults_no_origin(self):
''' If there is no Origin header in the request, the Access-Control-Allow-Origin
header should not be included, according to the w3 spec.
'''
with self.app.test_client() as c:
for verb in self.iter_verbs(c):
result = verb('/')
self.assertEqual(result.headers.get(AccessControlAllowOrigin), '*')
def test_wildcard_defaults_origin(self):
''' If there is no Origin header in the request, the Access-Control-Allow-Origin
header should be included, if and only if the always_send parameter is
`True`, which is the default value.
'''
example_origin = 'http://example.com'
with self.app.test_client() as c:
for verb in self.iter_verbs(c):
result = verb('/',headers = {'Origin': example_origin})
self.assertEqual(result.headers.get(AccessControlAllowOrigin),'*')
class W3TestCase(FlaskCorsTestCase):
def setUp(self):
self.app = Flask(__name__)
@self.app.route('/', methods=['GET','OPTIONS'])
@cross_origin(origins='*', send_wildcard=False, always_send=False)
def allowOrigins():
''' This sets up flask-cors to echo the request's `Origin` header,
only if it is actually set. This behavior is most similar to the
actual W3 specification, http://www.w3.org/TR/cors/ but
is not the default because it is more common to use the wildcard
approach.
'''
return 'Welcome!'
def test_wildcard_origin_header(self):
''' If there is an Origin header in the request, the Access-Control-Allow-Origin
header should be echoed back.
'''
example_origin = 'http://example.com'
with self.app.test_client() as c:
for verb in self.iter_verbs(c):
result = verb('/', headers = {'Origin': example_origin})
self.assertEqual(result.headers.get(AccessControlAllowOrigin),example_origin)
def test_wildcard_no_origin_header(self):
''' If there is no Origin header in the request, the Access-Control-Allow-Origin
header should not be included.
'''
with self.app.test_client() as c:
for verb in self.iter_verbs(c):
result = verb('/')
self.assertTrue(AccessControlAllowOrigin not in result.headers)
if __name__ == "__main__":
unittest.main()