def test_allowed_origin_star(self):
    """Check that ``allowed_origin='*'`` accepts every request.

    The wildcard setting switches the Origin check off: requests are
    accepted with no Origin header and with any Origin value, including
    an unrelated third-party host.
    """
    wildcard = Config(allowed_origin='*')

    # Requests that carry no Origin header at all are accepted.
    self.assertTrue(allowed(request('GET', '/'), wildcard))

    # Every Origin value is accepted as well. 'null' is the literal value
    # browsers send for opaque origins (e.g. sandboxed frames).
    # NOTE(review): browsers serialize Origin as scheme://host[:port]; these
    # fixtures use bare host names - confirm `allowed` compares the same form.
    for origin in ('null', 'localhost', 'hackers.com'):
        req = request('GET', '/', headers={'Origin': origin})
        self.assertTrue(allowed(req, wildcard))
def test_allowed_origin_specified(self):
    """Check that an explicit ``allowed_origin`` admits only that origin.

    With ``allowed_origin='localhost'`` a request is accepted when it has
    no Origin header or when the header equals the configured value; any
    other Origin value is rejected.
    """
    pinned = Config(allowed_origin='localhost')

    # A missing Origin header still passes, so this check does not restrict
    # clients that omit the header and cannot be the only access control.
    self.assertTrue(allowed(request('GET', '/'), pinned))

    # The configured origin is accepted.
    matching = request('GET', '/', headers={'Origin': 'localhost'})
    self.assertTrue(allowed(matching, pinned))

    # Anything else is refused, including the opaque 'null' origin.
    for foreign in ('null', 'hackers.com'):
        req = request('GET', '/', headers={'Origin': foreign})
        self.assertFalse(allowed(req, pinned))
def test_allowed_origin_default(self):
    """Check that a default ``Config()`` rejects every explicit Origin.

    Deny-by-default: with no ``allowed_origin`` configured, only requests
    without an Origin header are accepted.
    """
    defaults = Config()

    # A request with no Origin header is allowed in every configuration.
    self.assertTrue(allowed(request('GET', '/'), defaults))

    # Every request that does carry an Origin header is denied, even
    # 'localhost', until an origin is explicitly configured.
    for origin in ('null', 'localhost', 'hackers.com'):
        req = request('GET', '/', headers={'Origin': origin})
        self.assertFalse(allowed(req, defaults))