def test_cors_headers_app_origins(self):
cm = CORSManager('')
user = User(screen_name='John Doe',
first_name='John',
last_name='Doe',
email='*****@*****.**')
app = Application(name='Test Application',
authorized_origins=['http://localhost'])
user.applications.append(app)
with transaction.manager:
Session.add(user)
Session.add(app)
Session.flush()
app_id = app.id
request = DummyRequest(headers={'Origin': 'http://localhost'},
params={'client_id': app_id})
response = request.response
cm.add_cors_header(request, response)
self.assertEqual(response.headers, {
'Content-Type': 'text/html; charset=UTF-8',
'Content-Length': '0',
'Access-Control-Allow-Origin': 'http://localhost',
})
def test_cors_headers_app_origins(self):
cm = CORSManager('')
user = User(screen_name='John Doe',
first_name='John',
last_name='Doe',
email='*****@*****.**')
app = Application(name='Test Application',
authorized_origins=['http://localhost'])
user.applications.append(app)
with transaction.manager:
Session.add(user)
Session.add(app)
Session.flush()
app_id = app.id
request = DummyRequest(headers={'Origin': 'http://localhost'},
params={'client_id': app_id})
response = request.response
cm.add_cors_header(request, response)
self.assertEqual(
response.headers, {
'Content-Type': 'text/html; charset=UTF-8',
'Content-Length': '0',
'Access-Control-Allow-Origin': 'http://localhost',
})
def test_cors_headers_global_origins_access_denied(self):
cm = CORSManager('')
request = DummyRequest(headers={'Origin': 'foo'})
response = request.response
cm.add_cors_header(request, response)
self.assertEqual(response.headers, {
'Content-Type': 'text/html; charset=UTF-8',
'Content-Length': '0',
})
def test_cors_headers_global_origins_access_denied(self):
cm = CORSManager('')
request = DummyRequest(headers={'Origin': 'foo'})
response = request.response
cm.add_cors_header(request, response)
self.assertEqual(response.headers, {
'Content-Type': 'text/html; charset=UTF-8',
'Content-Length': '0',
})
def test_cors_headers_global_origins(self):
cm = CORSManager('http://localhost')
request = DummyRequest(headers={'Origin': 'http://localhost'})
response = request.response
cm.add_cors_header(request, response)
self.assertEqual(response.headers, {
'Content-Type': 'text/html; charset=UTF-8',
'Content-Length': '0',
'Access-Control-Allow-Origin': 'http://localhost',
})
def test_cors_headers_global_origins(self):
cm = CORSManager('http://localhost')
request = DummyRequest(headers={'Origin': 'http://localhost'})
response = request.response
cm.add_cors_header(request, response)
self.assertEqual(
response.headers, {
'Content-Type': 'text/html; charset=UTF-8',
'Content-Length': '0',
'Access-Control-Allow-Origin': 'http://localhost',
})
def test_cors_headers_app_origins_access_denied(self):
cm = CORSManager('')
self.db.applications.insert({
'name': 'test-app',
'client_id': 'client1',
'authorized_origins': ['http://localhost'],
}, safe=True)
request = DummyRequest(headers={'Origin': 'http://localhost'},
params={'client_id': 'client2'})
request.db = self.db
response = request.response
cm.add_cors_header(request, response)
self.assertEqual(response.headers, {
'Content-Type': 'text/html; charset=UTF-8',
'Content-Length': '0',
})
def test_cors_headers(self):
cm = CORSManager('')
request = FakeRequest({'Origin': 'foo'})
response = FakeResponse({})
cm.add_cors_header(request, response)
self.assertEqual(response.headers, {})
cm = CORSManager('http://localhost')
request = FakeRequest({'Origin': 'http://localhost'})
response = FakeResponse({})
cm.add_cors_header(request, response)
self.assertEqual(response.headers,
{'Access-Control-Allow-Origin': 'http://localhost'})
