mirror of
https://github.com/ipfs/kubo.git
synced 2025-09-11 15:15:58 +08:00
7cf5e87cfe
This commit fixes + improves CORS support License: MIT Signed-off-by: Juan Batiz-Benet <juan@benet.ai>
82 lines
2.4 KiB
Go
82 lines
2.4 KiB
Go
package http
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
cors "github.com/ipfs/go-ipfs/Godeps/_workspace/src/github.com/rs/cors"
|
|
|
|
"github.com/ipfs/go-ipfs/commands"
|
|
)
|
|
|
|
func assertHeaders(t *testing.T, resHeaders http.Header, reqHeaders map[string]string) {
|
|
for name, value := range reqHeaders {
|
|
if resHeaders.Get(name) != value {
|
|
t.Errorf("Invalid header `%s', wanted `%s', got `%s'", name, value, resHeaders.Get(name))
|
|
}
|
|
}
|
|
}
|
|
|
|
func originCfg(origin string) *ServerConfig {
|
|
return &ServerConfig{
|
|
CORSOpts: &cors.Options{
|
|
AllowedOrigins: []string{origin},
|
|
},
|
|
}
|
|
}
|
|
|
|
func TestDisallowedOrigin(t *testing.T) {
|
|
res := httptest.NewRecorder()
|
|
req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
|
|
req.Header.Add("Origin", "http://barbaz.com")
|
|
|
|
handler := NewHandler(commands.Context{}, nil, originCfg(""))
|
|
handler.ServeHTTP(res, req)
|
|
|
|
assertHeaders(t, res.Header(), map[string]string{
|
|
"Access-Control-Allow-Origin": "",
|
|
"Access-Control-Allow-Methods": "",
|
|
"Access-Control-Allow-Credentials": "",
|
|
"Access-Control-Max-Age": "",
|
|
"Access-Control-Expose-Headers": "",
|
|
})
|
|
}
|
|
|
|
func TestWildcardOrigin(t *testing.T) {
|
|
res := httptest.NewRecorder()
|
|
req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
|
|
req.Header.Add("Origin", "http://foobar.com")
|
|
|
|
handler := NewHandler(commands.Context{}, nil, originCfg("*"))
|
|
handler.ServeHTTP(res, req)
|
|
|
|
assertHeaders(t, res.Header(), map[string]string{
|
|
"Access-Control-Allow-Origin": "http://foobar.com",
|
|
"Access-Control-Allow-Methods": "",
|
|
"Access-Control-Allow-Headers": "",
|
|
"Access-Control-Allow-Credentials": "",
|
|
"Access-Control-Max-Age": "",
|
|
"Access-Control-Expose-Headers": "",
|
|
})
|
|
}
|
|
|
|
func TestAllowedMethod(t *testing.T) {
|
|
res := httptest.NewRecorder()
|
|
req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil)
|
|
req.Header.Add("Origin", "http://www.foobar.com")
|
|
req.Header.Add("Access-Control-Request-Method", "PUT")
|
|
|
|
handler := NewHandler(commands.Context{}, nil, originCfg("http://www.foobar.com"))
|
|
handler.ServeHTTP(res, req)
|
|
|
|
assertHeaders(t, res.Header(), map[string]string{
|
|
"Access-Control-Allow-Origin": "http://www.foobar.com",
|
|
"Access-Control-Allow-Methods": "PUT",
|
|
"Access-Control-Allow-Headers": "",
|
|
"Access-Control-Allow-Credentials": "",
|
|
"Access-Control-Max-Age": "",
|
|
"Access-Control-Expose-Headers": "",
|
|
})
|
|
}
|