mirror of
https://github.com/foomo/keel.git
synced 2025-10-16 12:35:34 +00:00
113 lines
3.6 KiB
Go
113 lines
3.6 KiB
Go
package middleware_test
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
keelassert "github.com/foomo/keel/keeltest/assert"
|
|
keelhttp "github.com/foomo/keel/net/http"
|
|
"github.com/foomo/keel/net/http/middleware"
|
|
"go.uber.org/zap/zaptest"
|
|
)
|
|
|
|
func TestCORS(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
target string
|
|
origin string
|
|
method string
|
|
with middleware.Middleware
|
|
expect func(t *testing.T, r *http.Request, w *httptest.ResponseRecorder)
|
|
}{
|
|
{
|
|
name: "default",
|
|
method: http.MethodGet,
|
|
origin: "https://www.foomo.org",
|
|
target: "https://www.foomo.org/",
|
|
with: middleware.CORS(),
|
|
expect: func(t *testing.T, r *http.Request, w *httptest.ResponseRecorder) {
|
|
t.Helper()
|
|
keelassert.InlineJSONEq(t, w.Header()) // INLINE: {"Access-Control-Allow-Origin":["*"],"Vary":["Origin"]}
|
|
},
|
|
},
|
|
{
|
|
name: "allow methods",
|
|
method: http.MethodOptions,
|
|
origin: "https://www.foomo.org",
|
|
target: "https://www.foomo.org/",
|
|
with: middleware.CORS(
|
|
middleware.CORSWithAllowMethods(http.MethodGet),
|
|
),
|
|
expect: func(t *testing.T, r *http.Request, w *httptest.ResponseRecorder) {
|
|
t.Helper()
|
|
keelassert.InlineJSONEq(t, w.Header()) // INLINE: {"Access-Control-Allow-Methods":["GET"],"Access-Control-Allow-Origin":["*"],"Vary":["Origin","Access-Control-Request-Method","Access-Control-Request-Headers"]}
|
|
},
|
|
},
|
|
{
|
|
name: "allow origins exact www.foomo.org",
|
|
method: http.MethodGet,
|
|
origin: "https://www.foomo.org",
|
|
target: "https://www.foomo.org/",
|
|
with: middleware.CORS(
|
|
middleware.CORSWithAllowOrigins("https://www.foomo.org"),
|
|
),
|
|
expect: func(t *testing.T, r *http.Request, w *httptest.ResponseRecorder) {
|
|
t.Helper()
|
|
keelassert.InlineJSONEq(t, w.Header()) // INLINE: {"Access-Control-Allow-Origin":["https://www.foomo.org"],"Vary":["Origin"]}
|
|
},
|
|
},
|
|
{
|
|
name: "allow origins wildcard foomo.org",
|
|
method: http.MethodGet,
|
|
origin: "https://www.foomo.org",
|
|
target: "https://www.foomo.org/",
|
|
with: middleware.CORS(
|
|
middleware.CORSWithAllowOrigins("*.foomo.org"),
|
|
),
|
|
expect: func(t *testing.T, r *http.Request, w *httptest.ResponseRecorder) {
|
|
t.Helper()
|
|
keelassert.InlineJSONEq(t, w.Header()) // INLINE: {"Access-Control-Allow-Origin":["https://www.foomo.org"],"Vary":["Origin"]}
|
|
},
|
|
},
|
|
{
|
|
name: "allow origins wildcard foomo.org with http",
|
|
method: http.MethodGet,
|
|
origin: "http://www.foomo.org",
|
|
target: "http://www.foomo.org/",
|
|
with: middleware.CORS(
|
|
middleware.CORSWithAllowOrigins("https://*.foomo.org"),
|
|
),
|
|
expect: func(t *testing.T, r *http.Request, w *httptest.ResponseRecorder) {
|
|
t.Helper()
|
|
keelassert.InlineJSONEq(t, w.Header()) // INLINE: {"Vary":["Origin"]}
|
|
},
|
|
},
|
|
{
|
|
name: "allow origins wildcard foomo.org with https",
|
|
method: http.MethodGet,
|
|
origin: "https://www.foomo.org",
|
|
target: "https://www.foomo.org/",
|
|
with: middleware.CORS(
|
|
middleware.CORSWithAllowOrigins("https://*.foomo.org"),
|
|
),
|
|
expect: func(t *testing.T, r *http.Request, w *httptest.ResponseRecorder) {
|
|
t.Helper()
|
|
keelassert.InlineJSONEq(t, w.Header()) // INLINE: {"Access-Control-Allow-Origin":["https://www.foomo.org"],"Vary":["Origin"]}
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
handler := tt.with(zaptest.NewLogger(t), tt.name, http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
}))
|
|
r := httptest.NewRequest(tt.method, tt.target, nil)
|
|
r.Header.Add(keelhttp.HeaderOrigin, tt.origin)
|
|
w := httptest.NewRecorder()
|
|
handler.ServeHTTP(w, r)
|
|
tt.expect(t, r, w)
|
|
})
|
|
}
|
|
}
|