Exemple #1
0
 def test_no_origin_header(self):
     """Test when there is no 'Origin' header in the request, in which case,
     the request is not cross-origin and doesn't need the CORS headers."""
     hook = app.CORSHook()
     request = pecan.core.Request({})
     state = pecan.core.RoutingState(request, pecan.core.Response(), None)
     hook.after(state)
     self.assertNotIn('Access-Control-Allow-Origin', state.response.headers)
     self.assertNotIn('Access-Control-Allow-Methods',
                      state.response.headers)
     self.assertNotIn('Access-Control-Allow-Headers',
                      state.response.headers)
Exemple #2
0
 def test_unallowed_origin(self):
     """Test when the origin is not in the list of allowed origins."""
     hook = app.CORSHook()
     request_headers = {'Origin': 'test.com'}
     request = pecan.core.Request({})
     request.headers = request_headers
     state = pecan.core.RoutingState(request, pecan.core.Response(), None)
     hook.after(state)
     self.assertNotIn('Access-Control-Allow-Origin', state.response.headers)
     self.assertNotIn('Access-Control-Allow-Methods',
                      state.response.headers)
     self.assertNotIn('Access-Control-Allow-Headers',
                      state.response.headers)
Exemple #3
0
    def test_allowed_origin(self):
        """Test when the origin is in the list of allowed origins."""
        self.CONF.set_override('allowed_cors_origins', 'test.com', 'api')
        hook = app.CORSHook()
        request = pecan.core.Request({})
        request.headers = {'Origin': 'test.com'}
        state = pecan.core.RoutingState(request, pecan.core.Response(), None)
        hook.after(state)

        self.assertIn('Access-Control-Allow-Origin', state.response.headers)
        allow_origin = state.response.headers['Access-Control-Allow-Origin']
        self.assertEqual('test.com', allow_origin)

        self.assertIn('Access-Control-Allow-Methods', state.response.headers)
        allow_methods = state.response.headers['Access-Control-Allow-Methods']
        self.assertEqual('GET, OPTIONS, PUT, POST', allow_methods)

        self.assertIn('Access-Control-Allow-Headers', state.response.headers)
        allow_headers = state.response.headers['Access-Control-Allow-Headers']
        self.assertEqual('origin, authorization, accept, content-type',
                         allow_headers)