def test_read_user_with_more_headers_accept_types(self, number, data): resp = self.post(self.USER_API_URL, data=data) assert_valid_JSON_created_response(resp) pk = self.get_pk(resp) for accept_type in self.ACCEPT_TYPES: resp = self.get(self.USER_API_URL, headers={'HTTP_ACCEPT': accept_type}) assert_in(accept_type, resp['Content-Type']) resp = self.get('%s%s/' % (self.USER_API_URL, pk), headers={'HTTP_ACCEPT': accept_type}) assert_true(accept_type in resp['Content-Type']) resp = self.get('%s1050/' % self.USER_API_URL, headers={'HTTP_ACCEPT': accept_type}) assert_true(accept_type in resp['Content-Type']) assert_http_not_found(resp)
def test_read_user_with_more_querystring_accept_types(self, number, data): user = UserFactory() [issue.watched_by.add(user) for issue in (IssueFactory() for _ in range(10))] for accept_type in self.ACCEPT_TYPES: resp = self.get('%s?_accept=%s' % (self.USER_API_URL, accept_type)) assert_in(accept_type, resp['Content-Type']) resp = self.get('%s%s/?_accept=%s' % (self.USER_API_URL, user.pk, accept_type), headers={'HTTP_ACCEPT': accept_type}) assert_true(accept_type in resp['Content-Type']) resp = self.get('%s1050/?_accept=%s' % (self.USER_API_URL, accept_type), headers={'HTTP_ACCEPT': accept_type}) assert_true(accept_type in resp['Content-Type']) assert_http_not_found(resp)
def test_with_turned_on_cors_headers_is_included_with_valid_origin(self, number, data): resp = self.options(self.USER_API_URL, headers={'HTTP_ORIGIN': FOO_DOMAIN}) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_ORIGIN)) assert_true(resp.has_header(ACCESS_CONTROL_EXPOSE_HEADERS)) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_CREDENTIALS)) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_HEADERS)) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_METHODS)) assert_true(resp.has_header(ACCESS_CONTROL_MAX_AGE)) resp = self.get(self.USER_API_URL, headers={'HTTP_ORIGIN': FOO_DOMAIN}) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_ORIGIN)) assert_true(resp.has_header(ACCESS_CONTROL_EXPOSE_HEADERS)) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_CREDENTIALS)) assert_false(resp.has_header(ACCESS_CONTROL_ALLOW_HEADERS)) assert_false(resp.has_header(ACCESS_CONTROL_ALLOW_METHODS)) assert_true(resp.has_header(ACCESS_CONTROL_MAX_AGE))
def test_with_turned_on_cors_headers_is_included_with_valid_origin( self, number, data): resp = self.options(self.USER_API_URL, headers={'HTTP_ORIGIN': FOO_DOMAIN}) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_ORIGIN)) assert_true(resp.has_header(ACCESS_CONTROL_EXPOSE_HEADERS)) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_CREDENTIALS)) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_HEADERS)) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_METHODS)) assert_true(resp.has_header(ACCESS_CONTROL_MAX_AGE)) resp = self.get(self.USER_API_URL, headers={'HTTP_ORIGIN': FOO_DOMAIN}) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_ORIGIN)) assert_true(resp.has_header(ACCESS_CONTROL_EXPOSE_HEADERS)) assert_true(resp.has_header(ACCESS_CONTROL_ALLOW_CREDENTIALS)) assert_false(resp.has_header(ACCESS_CONTROL_ALLOW_HEADERS)) assert_false(resp.has_header(ACCESS_CONTROL_ALLOW_METHODS)) assert_true(resp.has_header(ACCESS_CONTROL_MAX_AGE))