This commit is contained in:
@@ -0,0 +1,81 @@
|
||||
package ginext
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
"net/http/httptest"
|
||||
"strings"
|
||||
"testing"
|
||||
|
||||
"github.com/gin-gonic/gin"
|
||||
)
|
||||
|
||||
func TestCorsMiddleware_SetsHeaders(t *testing.T) {
|
||||
rec := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(rec)
|
||||
c.Request = httptest.NewRequest(http.MethodGet, "/", nil)
|
||||
|
||||
mw := CorsMiddleware([]string{"X-Foo", "X-Bar"}, []string{"X-Exposed"})
|
||||
mw(c)
|
||||
|
||||
h := rec.Header()
|
||||
if h.Get("Access-Control-Allow-Origin") != "*" {
|
||||
t.Fatalf("expected Allow-Origin *")
|
||||
}
|
||||
if h.Get("Access-Control-Allow-Credentials") != "true" {
|
||||
t.Fatalf("expected Allow-Credentials true")
|
||||
}
|
||||
if h.Get("Access-Control-Allow-Headers") != "X-Foo, X-Bar" {
|
||||
t.Fatalf("expected Allow-Headers X-Foo, X-Bar got %q", h.Get("Access-Control-Allow-Headers"))
|
||||
}
|
||||
if h.Get("Access-Control-Expose-Headers") != "X-Exposed" {
|
||||
t.Fatalf("expected Expose-Headers X-Exposed got %q", h.Get("Access-Control-Expose-Headers"))
|
||||
}
|
||||
allowMethods := h.Get("Access-Control-Allow-Methods")
|
||||
for _, want := range []string{"OPTIONS", "GET", "POST", "PUT", "PATCH", "DELETE", "COUNT"} {
|
||||
if !strings.Contains(allowMethods, want) {
|
||||
t.Errorf("expected Allow-Methods to contain %q, got %q", want, allowMethods)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestCorsMiddleware_NoExposeHeader(t *testing.T) {
|
||||
rec := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(rec)
|
||||
c.Request = httptest.NewRequest(http.MethodGet, "/", nil)
|
||||
|
||||
mw := CorsMiddleware([]string{"X-Foo"}, []string{})
|
||||
mw(c)
|
||||
|
||||
if _, ok := rec.Header()["Access-Control-Expose-Headers"]; ok {
|
||||
t.Fatalf("expected Expose-Headers to be unset when empty")
|
||||
}
|
||||
}
|
||||
|
||||
func TestCorsMiddleware_OptionsAborts(t *testing.T) {
|
||||
rec := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(rec)
|
||||
c.Request = httptest.NewRequest(http.MethodOptions, "/", nil)
|
||||
|
||||
mw := CorsMiddleware([]string{"X-Foo"}, nil)
|
||||
mw(c)
|
||||
|
||||
if !c.IsAborted() {
|
||||
t.Fatalf("expected context aborted on OPTIONS")
|
||||
}
|
||||
if rec.Code != http.StatusOK {
|
||||
t.Fatalf("expected 200 on OPTIONS, got %d", rec.Code)
|
||||
}
|
||||
}
|
||||
|
||||
func TestCorsMiddleware_NonOptionsContinues(t *testing.T) {
|
||||
rec := httptest.NewRecorder()
|
||||
c, _ := gin.CreateTestContext(rec)
|
||||
c.Request = httptest.NewRequest(http.MethodGet, "/", nil)
|
||||
|
||||
mw := CorsMiddleware([]string{"X-Foo"}, nil)
|
||||
mw(c)
|
||||
|
||||
if c.IsAborted() {
|
||||
t.Fatalf("non-OPTIONS request should not be aborted")
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user