async def test_no_crossdomain(app, client):
class Foo(Resource):
async def get(self):
return "data"
api = Api(app)
api.add_resource(Foo, '/test/')
res = await client.get('/test/')
assert res.status_code == 200
assert 'Access-Control-Allow-Origin' not in res.headers
assert 'Access-Control-Allow-Methods' not in res.headers
assert 'Access-Control-Max-Age' not in res.headers
async def test_access_control_expose_headers(app, client):
class Foo(Resource):
@cors.crossdomain(origin='*',
expose_headers=['X-My-Header', 'X-Another-Header'])
async def get(self):
return 'data'
api = Api(app)
api.add_resource(Foo, '/test/')
res = await client.get('/test/')
assert res.status_code == 200
assert 'X-MY-HEADER' in res.headers['Access-Control-Expose-Headers']
assert 'X-ANOTHER-HEADER' in res.headers['Access-Control-Expose-Headers']
assert (await res.get_data(False)) == 'data'
async def test_crossdomain(app, client):
class Foo(Resource):
@cors.crossdomain(origin='*')
async def get(self):
return 'data'
api = Api(app)
api.add_resource(Foo, '/test/')
res = await client.get('/test/')
assert res.status_code == 200
assert res.headers['Access-Control-Allow-Origin'] == '*'
assert res.headers['Access-Control-Max-Age'] == '21600'
assert 'HEAD' in res.headers['Access-Control-Allow-Methods']
assert 'OPTIONS' in res.headers['Access-Control-Allow-Methods']
assert 'GET' in res.headers['Access-Control-Allow-Methods']
