isso/specs/test_cors.py
Martin Zimmermann b15f17738e isso.dispatch now dispatches multiple sites based on relative URLs
The previous approach using a custom X-Custom header did work for the
client-side, but not for activation and deletion links. Now, you need
to add a `name = foo` option to the general section. `isso.dispatch`
then binds this configuration to /foo and can distinguish all API
calls without a special HTTP header.
2013-12-08 19:09:56 +01:00


from __future__ import unicode_literals
from werkzeug.test import Client
from werkzeug.wrappers import Response
from isso.wsgi import CORSMiddleware
from isso.utils import origin
def hello_world(environ, start_response):
    """Minimal WSGI application used as the wrapped app in the CORS tests.

    Always answers ``200 OK`` with a ``text/html`` content type and a fixed
    body, so any ``Access-Control-*`` header seen by a test was added by the
    middleware around it and not by this app.
    """
    status_line = '200 OK'
    response_headers = [('Content-Type', 'text/html')]
    start_response(status_line, response_headers)

    body = "Hello, World."
    return [body]
def test_simple_CORS():
    """Check the CORS headers CORSMiddleware adds to plain GET responses.

    The middleware is configured with three origin entries for example.tld.
    A request from a configured origin must get that same origin back in
    Access-Control-Allow-Origin. A request from an origin that is not
    configured (http://foo.other) must not be reflected: the last assertion
    pins the answer to https://example.tld, apparently the first configured
    entry. This matters because the responses also carry
    Access-Control-Allow-Credentials: true; reflecting an arbitrary origin
    together with credentials would let any site read authenticated
    responses.
    """
    allowed = origin([
        "https://example.tld/",
        "http://example.tld/",
        "http://example.tld",
    ])
    client = Client(CORSMiddleware(hello_world, origin=allowed), Response)

    def fetch(source):
        # One GET against the wrapped app, announcing `source` as the origin.
        return client.get("/", headers={"ORIGIN": source})

    # Configured HTTPS origin: the full set of CORS response headers.
    secure = fetch("https://example.tld")
    expected = (
        ("Access-Control-Allow-Origin", "https://example.tld"),
        ("Access-Control-Allow-Headers", "Origin, Content-Type"),
        ("Access-Control-Allow-Credentials", "true"),
        ("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"),
        ("Access-Control-Expose-Headers", "X-Set-Cookie"),
    )
    for name, value in expected:
        assert secure.headers[name] == value

    # Configured HTTP origin is echoed back unchanged.
    # NOTE(review): the same request is issued twice; the second one may
    # have been meant to cover another configured variant -- confirm.
    for _ in range(2):
        plain = fetch("http://example.tld")
        assert plain.headers["Access-Control-Allow-Origin"] == "http://example.tld"

    # Unlisted origin: the header must name a configured origin, never the
    # caller-supplied value.
    foreign = fetch("http://foo.other")
    assert foreign.headers["Access-Control-Allow-Origin"] == "https://example.tld"
def test_preflight_CORS():
    """Check the answer to an OPTIONS (preflight) request from an allowed origin.

    The request must succeed with status 200, carry the four
    Access-Control-Allow-* headers, and name the requesting origin in
    Access-Control-Allow-Origin. Only the presence of the other three
    headers is checked here, not their values, and a preflight from an
    origin outside the configured list is not exercised by this test.
    """
    middleware = CORSMiddleware(hello_world, origin=origin(["http://example.tld"]))
    preflight = Client(middleware, Response).open(
        method="OPTIONS",
        path="/",
        headers={"ORIGIN": "http://example.tld"},
    )

    assert preflight.status_code == 200

    # Collect the expected headers that are absent; none may be missing.
    missing = [
        suffix
        for suffix in ("Origin", "Headers", "Credentials", "Methods")
        if "Access-Control-Allow-%s" % suffix not in preflight.headers
    ]
    assert not missing

    assert preflight.headers["Access-Control-Allow-Origin"] == "http://example.tld"