def test_xml_not_valid(self):
self.reqs['resources']['/crossdomain.xml'] = '<![..]>'
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('xml-not-parsable', result['result'])
self.assertFalse(result['pass'])
def test_xml_not_valid(self):
self.reqs['resources']['/crossdomain.xml'] = '<![..]>'
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('xml-not-parsable', result['result'])
self.assertFalse(result['pass'])
def test_acao_public(self):
self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = '*'
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-public-access', result['result'])
self.assertEquals('*', result['data']['acao'])
self.assertTrue(result['pass'])
def test_acao_public(self):
self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = '*'
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-public-access', result['result'])
self.assertEquals('*', result['data']['acao'])
self.assertTrue(result['pass'])
def test_acao_restricted_with_acao(self):
self.reqs['responses']['cors'].request.headers['Origin'] = 'https://http-observatory.services.mozilla.com'
self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = 'https://mozilla.com'
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
self.assertTrue(result['pass'])
def test_acao_restricted_with_acao(self):
self.reqs['responses']['cors'].request.headers['Origin'] = 'https://http-observatory.security.mozilla.org'
self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = 'https://mozilla.com'
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
self.assertTrue(result['pass'])
def test_acao_universal_with_crossdomain(self):
self.reqs['resources']['/crossdomain.xml'] = """
<cross-domain-policy>
<allow-access-from domain="*" secure="true"/>
</cross-domain-policy>"""
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result'])
self.assertFalse(result['pass'])
def test_acao_universal_with_crossdomain(self):
self.reqs['resources']['/crossdomain.xml'] = """
<cross-domain-policy>
<allow-access-from domain="*" secure="true"/>
</cross-domain-policy>"""
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result'])
self.assertFalse(result['pass'])
def test_acao_universal_with_acao(self):
self.reqs['responses']['cors'].request.headers['Origin'] = 'https://http-observatory.services.mozilla.com'
self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = \
'https://http-observatory.services.mozilla.com'
self.reqs['responses']['cors'].headers['Access-Control-Allow-Credentials'] = 'true'
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result'])
self.assertFalse(result['pass'])
def test_acao_restricted_with_crossdomain(self):
self.reqs['resources']['/crossdomain.xml'] = """
<cross-domain-policy>
<allow-access-from domain="http-observatory.security.mozilla.org" secure="true"/>
<allow-access-from domain="github.com" secure="true"/>
</cross-domain-policy>"""
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
self.assertEquals(['http-observatory.security.mozilla.org', 'github.com'], result['data']['crossdomain'])
self.assertTrue(result['pass'])
def test_acao_restricted_with_crossdomain(self):
self.reqs['resources']['/crossdomain.xml'] = """
<cross-domain-policy>
<allow-access-from domain="http-observatory.services.mozilla.com" secure="true"/>
<allow-access-from domain="github.com" secure="true"/>
</cross-domain-policy>"""
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
self.assertEquals(['http-observatory.services.mozilla.com', 'github.com'], result['data']['crossdomain'])
self.assertTrue(result['pass'])
def test_acao_universal_with_acao(self):
self.reqs['responses']['cors'].request.headers[
'Origin'] = 'https://http-observatory.security.mozilla.org'
self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = \
'https://http-observatory.security.mozilla.org'
self.reqs['responses']['cors'].headers[
'Access-Control-Allow-Credentials'] = 'true'
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals(
'cross-origin-resource-sharing-implemented-with-universal-access',
result['result'])
self.assertFalse(result['pass'])
def test_acao_universal_with_clientaccess(self):
self.reqs['resources']['/clientaccesspolicy.xml'] = """
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-methods="*">
<domain uri="*"/>
</allow-from>
</policy>
</cross-domain-access>
</access-policy>"""
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result'])
self.assertFalse(result['pass'])
def test_acao_universal_with_clientaccess(self):
self.reqs['resources']['/clientaccesspolicy.xml'] = """
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-methods="*">
<domain uri="*"/>
</allow-from>
</policy>
</cross-domain-access>
</access-policy>"""
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result'])
self.assertFalse(result['pass'])
def test_acao_restricted_with_clientaccess(self):
self.reqs['resources']['/clientaccesspolicy.xml'] = """
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-methods="*">
<domain uri="http-observatory.services.mozilla.com"/>
<domain uri="github.com"/>
</allow-from>
</policy>
</cross-domain-access>
</access-policy>"""
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
self.assertEquals(['http-observatory.services.mozilla.com', 'github.com'],
result['data']['clientaccesspolicy'])
self.assertTrue(result['pass'])
def test_acao_restricted_with_clientaccess(self):
self.reqs['resources']['/clientaccesspolicy.xml'] = """
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-methods="*">
<domain uri="http-observatory.security.mozilla.org"/>
<domain uri="github.com"/>
</allow-from>
</policy>
</cross-domain-access>
</access-policy>"""
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
self.assertEquals(['http-observatory.security.mozilla.org', 'github.com'],
result['data']['clientaccesspolicy'])
self.assertTrue(result['pass'])
def test_acao_not_implemented(self):
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-not-implemented',
result['result'])
self.assertTrue(result['pass'])
def test_acao_not_implemented(self):
result = cross_origin_resource_sharing(self.reqs)
self.assertEquals('cross-origin-resource-sharing-not-implemented', result['result'])
self.assertTrue(result['pass'])
