def test_set_default_headers_should_set_access_control_headers(self, request_origin, cors_conf_value):
mock_application = MagicMock(spec_set=ClusterApplication())
mock_request = MagicMock(spec=tornado.httpserver.HTTPRequest('GET', '/v1/versions'), headers={})
Configuration['cors_allowed_origins_regex'] = cors_conf_value
mock_request.headers['Origin'] = request_origin
handler = ClusterBaseAPIHandler(mock_application, mock_request)
handler.set_header = MagicMock()
handler.set_default_headers()
expected_set_access_control_origin_call = call('Access-Control-Allow-Origin', request_origin)
expected_set_access_control_headers_call = call(
'Access-Control-Allow-Headers',
'Content-Type, Accept, X-Requested-With, Session, Session-Id',
)
expected_set_access_control_methods_call = call(
'Access-Control-Allow-Methods',
'GET',
)
self.assertIn(expected_set_access_control_origin_call, handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Origin header.')
self.assertIn(expected_set_access_control_headers_call, handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Headers header.')
self.assertIn(expected_set_access_control_methods_call, handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Methods header.')
def test_set_default_headers_should_set_origin_header(self, request_origin, cors_conf_value):
mock_application = MagicMock(spec_set=ClusterApplication())
mock_request = MagicMock(spec=tornado.httpserver.HTTPRequest, headers={})
Configuration['cors_allowed_origins_regex'] = cors_conf_value
mock_request.headers['Origin'] = request_origin
handler = ClusterBaseAPIHandler(mock_application, mock_request)
handler.set_header = MagicMock()
handler.set_default_headers()
expected_set_origin_header_call = call('Access-Control-Allow-Origin', request_origin)
self.assertIn(expected_set_origin_header_call, handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Origin header.')
def test_set_default_headers_should_set_origin_header(
self, request_origin, cors_conf_value):
mock_application = MagicMock(spec_set=ClusterApplication())
mock_request = MagicMock(spec=tornado.httpserver.HTTPRequest,
headers={})
Configuration['cors_allowed_origins_regex'] = cors_conf_value
mock_request.headers['Origin'] = request_origin
handler = ClusterBaseAPIHandler(mock_application, mock_request)
handler.set_header = MagicMock()
handler.set_default_headers()
expected_set_origin_header_call = call('Access-Control-Allow-Origin',
request_origin)
self.assertIn(
expected_set_origin_header_call, handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Origin header.'
)
def test_set_default_headers_should_set_access_control_headers(
self, request_origin, cors_conf_value):
mock_application = MagicMock(spec_set=ClusterApplication())
mock_request = MagicMock(spec=tornado.httpserver.HTTPRequest(
'GET', '/v1/versions'),
headers={})
Configuration['cors_allowed_origins_regex'] = cors_conf_value
mock_request.headers['Origin'] = request_origin
handler = ClusterBaseAPIHandler(mock_application, mock_request)
handler.set_header = MagicMock()
handler.set_default_headers()
expected_set_access_control_origin_call = call(
'Access-Control-Allow-Origin', request_origin)
expected_set_access_control_headers_call = call(
'Access-Control-Allow-Headers',
'Content-Type, Accept, X-Requested-With, Session, Session-Id',
)
expected_set_access_control_methods_call = call(
'Access-Control-Allow-Methods',
'GET',
)
self.assertIn(
expected_set_access_control_origin_call,
handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Origin header.'
)
self.assertIn(
expected_set_access_control_headers_call,
handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Headers header.'
)
self.assertIn(
expected_set_access_control_methods_call,
handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Methods header.'
)
def test_set_default_headers_should_not_set_access_control_headers(
self, request_origin, cors_conf_value):
mock_application = MagicMock(spec_set=ClusterApplication())
mock_request = MagicMock(spec=tornado.httpserver.HTTPRequest(
'GET', '/v1/versions'),
headers={})
if cors_conf_value:
Configuration['cors_allowed_origins_regex'] = cors_conf_value
if request_origin:
mock_request.headers['Origin'] = request_origin
handler = ClusterBaseAPIHandler(mock_application, mock_request)
handler.set_header = MagicMock()
handler.set_default_headers()
any_set_access_control_origin_call = call(
'Access-Control-Allow-Origin', ANY)
any_set_access_control_headers_call = call(
'Access-Control-Allow-Headers', ANY)
any_set_access_control_methods_call = call(
'Access-Control-Allow-Methods', ANY)
self.assertNotIn(
any_set_access_control_origin_call,
handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Origin header.'
)
self.assertNotIn(
any_set_access_control_headers_call,
handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Headers header.'
)
self.assertNotIn(
any_set_access_control_methods_call,
handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Methods header.'
)
def test_set_default_headers_should_not_set_access_control_headers(self, request_origin, cors_conf_value):
mock_application = MagicMock(spec_set=ClusterApplication())
mock_request = MagicMock(spec=tornado.httpserver.HTTPRequest('GET', '/v1/versions'), headers={})
if cors_conf_value:
Configuration['cors_allowed_origins_regex'] = cors_conf_value
if request_origin:
mock_request.headers['Origin'] = request_origin
handler = ClusterBaseAPIHandler(mock_application, mock_request)
handler.set_header = MagicMock()
handler.set_default_headers()
any_set_access_control_origin_call = call('Access-Control-Allow-Origin', ANY)
any_set_access_control_headers_call = call('Access-Control-Allow-Headers', ANY)
any_set_access_control_methods_call = call('Access-Control-Allow-Methods', ANY)
self.assertNotIn(any_set_access_control_origin_call, handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Origin header.')
self.assertNotIn(any_set_access_control_headers_call, handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Headers header.')
self.assertNotIn(any_set_access_control_methods_call, handler.set_header.call_args_list,
'set_default_headers() should not set the Access-Control-Allow-Methods header.')