56 lines
1.9 KiB
Python
56 lines
1.9 KiB
Python
|
|
from __future__ import unicode_literals
|
|
|
|
from werkzeug.test import Client
|
|
from werkzeug.wrappers import Response
|
|
|
|
from isso.wsgi import CORSMiddleware
|
|
from isso.utils import origin
|
|
|
|
|
|
def hello_world(environ, start_response):
|
|
start_response('200 OK', [('Content-Type', 'text/html')])
|
|
return ["Hello, World."]
|
|
|
|
|
|
def test_simple_CORS():
|
|
|
|
app = CORSMiddleware(hello_world, origin=origin([
|
|
"https://example.tld/",
|
|
"http://example.tld/",
|
|
"http://example.tld",
|
|
]))
|
|
|
|
client = Client(app, Response)
|
|
|
|
rv = client.get("/", headers={"ORIGIN": "https://example.tld"})
|
|
|
|
assert rv.headers["Access-Control-Allow-Origin"] == "https://example.tld"
|
|
assert rv.headers["Access-Control-Allow-Headers"] == "Origin, Content-Type, X-Origin"
|
|
assert rv.headers["Access-Control-Allow-Credentials"] == "true"
|
|
assert rv.headers["Access-Control-Allow-Methods"] == "GET, POST, PUT, DELETE"
|
|
assert rv.headers["Access-Control-Expose-Headers"] == "X-Set-Cookie"
|
|
|
|
a = client.get("/", headers={"ORIGIN": "http://example.tld"})
|
|
assert a.headers["Access-Control-Allow-Origin"] == "http://example.tld"
|
|
|
|
b = client.get("/", headers={"ORIGIN": "http://example.tld"})
|
|
assert b.headers["Access-Control-Allow-Origin"] == "http://example.tld"
|
|
|
|
c = client.get("/", headers={"ORIGIN": "http://foo.other"})
|
|
assert c.headers["Access-Control-Allow-Origin"] == "https://example.tld"
|
|
|
|
|
|
def test_preflight_CORS():
|
|
|
|
app = CORSMiddleware(hello_world, origin=origin(["http://example.tld"]))
|
|
client = Client(app, Response)
|
|
|
|
rv = client.open(method="OPTIONS", path="/", headers={"ORIGIN": "http://example.tld"})
|
|
assert rv.status_code == 200
|
|
|
|
for hdr in ("Origin", "Headers", "Credentials", "Methods"):
|
|
assert "Access-Control-Allow-%s" % hdr in rv.headers
|
|
|
|
assert rv.headers["Access-Control-Allow-Origin"] == "http://example.tld"
|