def test_no_origin_header(self):
    """Check that a request without an 'Origin' header gets no CORS headers.

    With no 'Origin' header the request is not cross-origin, so the hook
    is expected to leave every Access-Control-* header off the response.
    """
    cors_hook = app.CORSHook()
    routing_state = pecan.core.RoutingState(
        pecan.core.Request({}), pecan.core.Response(), None)

    cors_hook.after(routing_state)

    # None of the three CORS response headers may be present.
    for header_name in ('Access-Control-Allow-Origin',
                        'Access-Control-Allow-Methods',
                        'Access-Control-Allow-Headers'):
        self.assertNotIn(header_name, routing_state.response.headers)
def test_unallowed_origin(self):
    """Check that an origin outside the allowed list gets no CORS headers.

    No override of 'allowed_cors_origins' is set here, so the outcome
    depends on the option's default value.
    """
    # NOTE(review): presumably the default allow-list does not contain
    # 'test.com' -- confirm against the option definition, otherwise this
    # test would not exercise the rejection path.
    cors_hook = app.CORSHook()
    req = pecan.core.Request({})
    req.headers = {'Origin': 'test.com'}
    routing_state = pecan.core.RoutingState(req, pecan.core.Response(), None)

    cors_hook.after(routing_state)

    # A rejected origin must not receive any of the CORS response headers.
    for header_name in ('Access-Control-Allow-Origin',
                        'Access-Control-Allow-Methods',
                        'Access-Control-Allow-Headers'):
        self.assertNotIn(header_name, routing_state.response.headers)
def test_allowed_origin(self):
    """Check that an allowed origin receives the expected CORS headers.

    'test.com' is configured as an allowed origin in the 'api' group and
    sent as the request's 'Origin'; the response must then carry the three
    Access-Control-* headers with the exact values asserted below.
    """
    # NOTE(review): the override is a bare string, not a list -- confirm
    # how CORSHook compares the Origin against it (exact match expected).
    # TODO(review): this only covers an exact match; a near-miss origin
    # (different host sharing a prefix or suffix) is not tested here.
    self.CONF.set_override('allowed_cors_origins', 'test.com', 'api')

    cors_hook = app.CORSHook()
    req = pecan.core.Request({})
    req.headers = {'Origin': 'test.com'}
    routing_state = pecan.core.RoutingState(req, pecan.core.Response(), None)

    cors_hook.after(routing_state)

    # Header name -> exact value the hook is expected to emit, checked in
    # the order origin, methods, headers.
    expected_headers = (
        ('Access-Control-Allow-Origin', 'test.com'),
        ('Access-Control-Allow-Methods', 'GET, OPTIONS, PUT, POST'),
        ('Access-Control-Allow-Headers',
         'origin, authorization, accept, content-type'),
    )
    for header_name, expected_value in expected_headers:
        self.assertIn(header_name, routing_state.response.headers)
        actual_value = routing_state.response.headers[header_name]
        self.assertEqual(expected_value, actual_value)