def test_cors_headers_app_origins(self): cm = CORSManager('') user = User(screen_name='John Doe', first_name='John', last_name='Doe', email='*****@*****.**') app = Application(name='Test Application', authorized_origins=['http://localhost']) user.applications.append(app) with transaction.manager: Session.add(user) Session.add(app) Session.flush() app_id = app.id request = DummyRequest(headers={'Origin': 'http://localhost'}, params={'client_id': app_id}) response = request.response cm.add_cors_header(request, response) self.assertEqual(response.headers, { 'Content-Type': 'text/html; charset=UTF-8', 'Content-Length': '0', 'Access-Control-Allow-Origin': 'http://localhost', })
def test_cors_headers_app_origins(self): cm = CORSManager('') user = User(screen_name='John Doe', first_name='John', last_name='Doe', email='*****@*****.**') app = Application(name='Test Application', authorized_origins=['http://localhost']) user.applications.append(app) with transaction.manager: Session.add(user) Session.add(app) Session.flush() app_id = app.id request = DummyRequest(headers={'Origin': 'http://localhost'}, params={'client_id': app_id}) response = request.response cm.add_cors_header(request, response) self.assertEqual( response.headers, { 'Content-Type': 'text/html; charset=UTF-8', 'Content-Length': '0', 'Access-Control-Allow-Origin': 'http://localhost', })
def test_cors_headers_global_origins_access_denied(self): cm = CORSManager('') request = DummyRequest(headers={'Origin': 'foo'}) response = request.response cm.add_cors_header(request, response) self.assertEqual(response.headers, { 'Content-Type': 'text/html; charset=UTF-8', 'Content-Length': '0', })
def test_cors_headers_global_origins(self): cm = CORSManager('http://localhost') request = DummyRequest(headers={'Origin': 'http://localhost'}) response = request.response cm.add_cors_header(request, response) self.assertEqual(response.headers, { 'Content-Type': 'text/html; charset=UTF-8', 'Content-Length': '0', 'Access-Control-Allow-Origin': 'http://localhost', })
def test_cors_headers_global_origins(self): cm = CORSManager('http://localhost') request = DummyRequest(headers={'Origin': 'http://localhost'}) response = request.response cm.add_cors_header(request, response) self.assertEqual( response.headers, { 'Content-Type': 'text/html; charset=UTF-8', 'Content-Length': '0', 'Access-Control-Allow-Origin': 'http://localhost', })
def test_cors_headers_app_origins_access_denied(self): cm = CORSManager('') self.db.applications.insert({ 'name': 'test-app', 'client_id': 'client1', 'authorized_origins': ['http://localhost'], }, safe=True) request = DummyRequest(headers={'Origin': 'http://localhost'}, params={'client_id': 'client2'}) request.db = self.db response = request.response cm.add_cors_header(request, response) self.assertEqual(response.headers, { 'Content-Type': 'text/html; charset=UTF-8', 'Content-Length': '0', })
def test_cors_headers(self): cm = CORSManager('') request = FakeRequest({'Origin': 'foo'}) response = FakeResponse({}) cm.add_cors_header(request, response) self.assertEqual(response.headers, {}) cm = CORSManager('http://localhost') request = FakeRequest({'Origin': 'http://localhost'}) response = FakeResponse({}) cm.add_cors_header(request, response) self.assertEqual(response.headers, {'Access-Control-Allow-Origin': 'http://localhost'})