def test_default_bypass(self):
"""Default config ignores all calls."""
middleware = cors.CORSMiddleware(debug_app)
env = {'PATH_INFO': '/something/'}
wsgiref.util.setup_testing_defaults(env)
middleware(env.copy(), self.start_response)
self.assertEqual(env['PATH_INFO'], '/something/')
self.assertFalse(
any(h[0] == 'Access-Control-Allow-Origin' for h in self.headers))
def test_netloc_mismatch(self):
"""Netloc match checks ports."""
middleware = cors.CORSMiddleware(debug_app,
allowed_netlocs=["localhost:9000"])
env = {
'REQUEST_METHOD': 'OPTIONS',
'HTTP_ORIGIN': 'http://localhost:8080',
}
wsgiref.util.setup_testing_defaults(env)
middleware(env.copy(), self.start_response)
self.assertFalse(
any(h[0] == 'Access-Control-Allow-Origin' for h in self.headers))
def test_regex(self):
"""Regex matches origin and adds headers."""
middleware = cors.CORSMiddleware(debug_app, allowed_regexes=[".*"])
env = {
'REQUEST_METHOD': 'OPTIONS',
'HTTP_ORIGIN': 'https://foo',
}
wsgiref.util.setup_testing_defaults(env)
middleware(env.copy(), self.start_response)
six.assertCountEqual(self, self.headers,
[('Access-Control-Allow-Methods', ', '.join(
cors.CORSMiddleware.default_methods)),
('Access-Control-Allow-Headers', ', '.join(
cors.CORSMiddleware.default_headers)),
('Access-Control-Allow-Credentials', 'true'),
('Access-Control-Allow-Origin', 'https://foo')])
def test_conditional_import(self):
"""Fail to init if webob not installed."""
with mock.patch('simpl.middleware.cors.webob', new=None):
app = cors.CORSMiddleware(None)
with self.assertRaises(RuntimeError):
app({}, self.start_response)