def test_allowed_origin_star(self):
conf = Config(allowed_origin='*')
# everything is allowed
self.assertTrue(allowed(request('GET', '/'), conf))
self.assertTrue(
allowed(request('GET', '/', headers={'Origin': 'null'}), conf))
self.assertTrue(
allowed(request('GET', '/', headers={'Origin': 'localhost'}),
conf))
self.assertTrue(
allowed(request('GET', '/', headers={'Origin': 'hackers.com'}),
conf))
def test_allowed_origin_specified(self):
conf = Config(allowed_origin='localhost')
# no origin and only localhost are allowed
self.assertTrue(allowed(request('GET', '/'), conf))
self.assertTrue(
allowed(request('GET', '/', headers={'Origin': 'localhost'}),
conf))
self.assertFalse(
allowed(request('GET', '/', headers={'Origin': 'null'}), conf))
self.assertFalse(
allowed(request('GET', '/', headers={'Origin': 'hackers.com'}),
conf))
def test_allowed_origin_default(self):
conf = Config()
# lack of Origin is always allowed
self.assertTrue(allowed(request('GET', '/'), conf))
# deny all other Origins
self.assertFalse(
allowed(request('GET', '/', headers={'Origin': 'null'}), conf))
self.assertFalse(
allowed(request('GET', '/', headers={'Origin': 'localhost'}),
conf))
self.assertFalse(
allowed(request('GET', '/', headers={'Origin': 'hackers.com'}),
conf))