def test_xml_not_valid(self): self.reqs['resources']['/crossdomain.xml'] = '<![..]>' result = cross_origin_resource_sharing(self.reqs) self.assertEquals('xml-not-parsable', result['result']) self.assertFalse(result['pass'])
def test_acao_public(self): self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = '*' result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-implemented-with-public-access', result['result']) self.assertEquals('*', result['data']['acao']) self.assertTrue(result['pass'])
def test_acao_restricted_with_acao(self): self.reqs['responses']['cors'].request.headers['Origin'] = 'https://http-observatory.services.mozilla.com' self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = 'https://mozilla.com' result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result']) self.assertTrue(result['pass'])
def test_acao_restricted_with_acao(self): self.reqs['responses']['cors'].request.headers['Origin'] = 'https://http-observatory.security.mozilla.org' self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = 'https://mozilla.com' result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result']) self.assertTrue(result['pass'])
def test_acao_universal_with_crossdomain(self): self.reqs['resources']['/crossdomain.xml'] = """ <cross-domain-policy> <allow-access-from domain="*" secure="true"/> </cross-domain-policy>""" result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result']) self.assertFalse(result['pass'])
def test_acao_universal_with_acao(self): self.reqs['responses']['cors'].request.headers['Origin'] = 'https://http-observatory.services.mozilla.com' self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = \ 'https://http-observatory.services.mozilla.com' self.reqs['responses']['cors'].headers['Access-Control-Allow-Credentials'] = 'true' result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result']) self.assertFalse(result['pass'])
def test_acao_restricted_with_crossdomain(self): self.reqs['resources']['/crossdomain.xml'] = """ <cross-domain-policy> <allow-access-from domain="http-observatory.security.mozilla.org" secure="true"/> <allow-access-from domain="github.com" secure="true"/> </cross-domain-policy>""" result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result']) self.assertEquals(['http-observatory.security.mozilla.org', 'github.com'], result['data']['crossdomain']) self.assertTrue(result['pass'])
def test_acao_restricted_with_crossdomain(self): self.reqs['resources']['/crossdomain.xml'] = """ <cross-domain-policy> <allow-access-from domain="http-observatory.services.mozilla.com" secure="true"/> <allow-access-from domain="github.com" secure="true"/> </cross-domain-policy>""" result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result']) self.assertEquals(['http-observatory.services.mozilla.com', 'github.com'], result['data']['crossdomain']) self.assertTrue(result['pass'])
def test_acao_universal_with_acao(self): self.reqs['responses']['cors'].request.headers[ 'Origin'] = 'https://http-observatory.security.mozilla.org' self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = \ 'https://http-observatory.security.mozilla.org' self.reqs['responses']['cors'].headers[ 'Access-Control-Allow-Credentials'] = 'true' result = cross_origin_resource_sharing(self.reqs) self.assertEquals( 'cross-origin-resource-sharing-implemented-with-universal-access', result['result']) self.assertFalse(result['pass'])
def test_acao_universal_with_clientaccess(self): self.reqs['resources']['/clientaccesspolicy.xml'] = """ <access-policy> <cross-domain-access> <policy> <allow-from http-methods="*"> <domain uri="*"/> </allow-from> </policy> </cross-domain-access> </access-policy>""" result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result']) self.assertFalse(result['pass'])
def test_acao_restricted_with_clientaccess(self): self.reqs['resources']['/clientaccesspolicy.xml'] = """ <access-policy> <cross-domain-access> <policy> <allow-from http-methods="*"> <domain uri="http-observatory.services.mozilla.com"/> <domain uri="github.com"/> </allow-from> </policy> </cross-domain-access> </access-policy>""" result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result']) self.assertEquals(['http-observatory.services.mozilla.com', 'github.com'], result['data']['clientaccesspolicy']) self.assertTrue(result['pass'])
def test_acao_restricted_with_clientaccess(self): self.reqs['resources']['/clientaccesspolicy.xml'] = """ <access-policy> <cross-domain-access> <policy> <allow-from http-methods="*"> <domain uri="http-observatory.security.mozilla.org"/> <domain uri="github.com"/> </allow-from> </policy> </cross-domain-access> </access-policy>""" result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result']) self.assertEquals(['http-observatory.security.mozilla.org', 'github.com'], result['data']['clientaccesspolicy']) self.assertTrue(result['pass'])
def test_acao_not_implemented(self): result = cross_origin_resource_sharing(self.reqs) self.assertEquals('cross-origin-resource-sharing-not-implemented', result['result']) self.assertTrue(result['pass'])