def test_simple(self):
    """Check the CORS headers CORSMiddleware emits on plain GET requests.

    The middleware is configured with two allowed origins (the https and
    http variants of example.tld).  The test expects a listed origin to be
    returned in Access-Control-Allow-Origin, and an unlisted origin
    (http://foo.other) to receive the first configured origin instead of
    its own value.

    The unlisted-origin case is the security-relevant one: the responses
    also carry Access-Control-Allow-Credentials "true", so reflecting an
    arbitrary Origin would let any site read credentialed responses.
    """
    allow_list = origin([
        "https://example.tld/",
        "http://example.tld/",
    ])
    app = CORSMiddleware(
        hello_world,
        origin=allow_list,
        allowed=("Foo", "Bar"),
        exposed=("Spam", ))
    client = Client(app, Response)

    # Full header set for a request coming from an allowed origin.
    rv = client.get("/", headers={"Origin": "https://example.tld"})
    expected_headers = (
        ("Access-Control-Allow-Origin", "https://example.tld"),
        ("Access-Control-Allow-Credentials", "true"),
        ("Access-Control-Allow-Methods", "HEAD, GET, POST, PUT, DELETE"),
        ("Access-Control-Allow-Headers", "Foo, Bar"),
        ("Access-Control-Expose-Headers", "Spam"),
    )
    for header_name, header_value in expected_headers:
        self.assertEqual(rv.headers[header_name], header_value)

    # (Origin sent, Access-Control-Allow-Origin expected).  The second
    # entry repeats the first on purpose: the request is issued twice.
    origin_cases = (
        ("http://example.tld", "http://example.tld"),
        ("http://example.tld", "http://example.tld"),
        # Not on the allow-list: must fall back, never be echoed.
        ("http://foo.other", "https://example.tld"),
    )
    for sent, granted in origin_cases:
        resp = client.get("/", headers={"Origin": sent})
        self.assertEqual(
            resp.headers["Access-Control-Allow-Origin"], granted)
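def test_simple_CORS():
    """Check the CORS headers CORSMiddleware emits on plain GET requests.

    The middleware is configured through ``hosts=`` with three spellings of
    example.tld.  The first request pins the complete header set; the
    following requests check how the Origin value is mapped to
    Access-Control-Allow-Origin.

    Each follow-up assertion inspects the response of its own request.
    Asserting on an earlier response would leave the unlisted-origin path
    untested, and that is the path that matters: the responses carry
    Access-Control-Allow-Credentials "true", so an echoed foreign origin
    would expose credentialed responses to any site.
    """
    app = CORSMiddleware(hello_world, hosts=[
        "https://example.tld/",
        "http://example.tld/",
        "http://example.tld",
    ])
    client = Client(app, Response)

    rv = client.get("/", headers={"ORIGIN": "https://example.tld"})
    assert rv.headers["Access-Control-Allow-Origin"] == "https://example.tld"
    assert rv.headers["Access-Control-Allow-Headers"] == "Origin, Content-Type"
    assert rv.headers["Access-Control-Allow-Credentials"] == "true"
    assert rv.headers[
        "Access-Control-Allow-Methods"] == "GET, POST, PUT, DELETE"
    assert rv.headers["Access-Control-Expose-Headers"] == "X-Set-Cookie"

    # Trailing slash on the Origin header is expected to be normalised away.
    a = client.get("/", headers={"ORIGIN": "http://example.tld/"})
    assert a.headers["Access-Control-Allow-Origin"] == "http://example.tld"

    # Assert on `b` itself so this request is actually verified.
    b = client.get("/", headers={"ORIGIN": "http://example.tld"})
    assert b.headers["Access-Control-Allow-Origin"] == "http://example.tld"

    # Origin outside the allow-list: it must never be reflected back.
    # NOTE(review): the exact fallback value the middleware returns here is
    # not visible from this test; pin it with `==` once confirmed.
    c = client.get("/", headers={"ORIGIN": "http://foo.other/"})
    assert c.headers["Access-Control-Allow-Origin"] not in (
        "http://foo.other", "http://foo.other/")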
def test_preflight(self):
    """Check the response to a CORS preflight (OPTIONS) request.

    With a single allowed origin configured, an OPTIONS request from that
    origin is expected to return status 200, to carry all four
    Access-Control-Allow-* headers (Origin, Headers, Credentials, Methods)
    and to name the requesting origin in Access-Control-Allow-Origin.
    """
    app = CORSMiddleware(
        hello_world,
        origin=origin(["http://example.tld"]),
        allowed=("Foo", ),
        exposed=("Bar", ))
    client = Client(app, Response)

    rv = client.open(
        method="OPTIONS",
        path="/",
        headers={"Origin": "http://example.tld"})

    self.assertEqual(rv.status_code, 200)

    # Only presence is checked here; the origin value is pinned below.
    required = [
        "Access-Control-Allow-%s" % suffix
        for suffix in ("Origin", "Headers", "Credentials", "Methods")
    ]
    for header_name in required:
        self.assertIn(header_name, rv.headers)

    self.assertEqual(
        rv.headers["Access-Control-Allow-Origin"], "http://example.tld")
def test_preflight_CORS():
    """Check the response to a CORS preflight (OPTIONS) request.

    The middleware is configured through ``hosts=`` with one allowed host.
    An OPTIONS request from that host is expected to return status 200, to
    carry all four Access-Control-Allow-* headers (Origin, Headers,
    Credentials, Methods) and to name the requesting origin in
    Access-Control-Allow-Origin.
    """
    app = CORSMiddleware(hello_world, hosts=["http://example.tld"])
    client = Client(app, Response)

    rv = client.open(
        method="OPTIONS",
        path="/",
        headers={"ORIGIN": "http://example.tld"})

    assert rv.status_code == 200

    # Only presence is checked here; the origin value is pinned below.
    required = [
        "Access-Control-Allow-%s" % suffix
        for suffix in ("Origin", "Headers", "Credentials", "Methods")
    ]
    for header_name in required:
        assert header_name in rv.headers

    assert rv.headers["Access-Control-Allow-Origin"] == "http://example.tld"