2024-05-07 07:59:32 +03:00
|
|
|
package tests
|
|
|
|
|
|
|
|
import (
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
)
|
|
|
|
|
|
|
|
func subTestProto(g *testGroup) {
|
|
|
|
g.regSubTest("HTTP CORS", proto_HTTP_CORS_test)
|
|
|
|
}
|
|
|
|
|
|
|
|
func proto_HTTP_CORS_test(mc *mockServer) error {
|
|
|
|
// Make CORS request for GET /SERVER
|
|
|
|
morigin := "http://my-test-origin"
|
|
|
|
url := fmt.Sprintf("http://127.0.0.1:%d/SERVER", mc.port)
|
|
|
|
req, err := http.NewRequest(http.MethodOptions, url, nil)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
req.Header.Add("Origin", morigin)
|
|
|
|
req.Header.Add("Access-Control-Request-Method", "GET")
|
|
|
|
req.Header.Add("Access-Control-Request-Headers", "Authorization")
|
|
|
|
resp, err := http.DefaultClient.Do(req)
|
|
|
|
|
|
|
|
// Validate CORS response
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
if resp.StatusCode != 204 {
|
|
|
|
return fmt.Errorf("expected http stuats '204', got '%d'", resp.StatusCode)
|
|
|
|
}
|
|
|
|
origin := resp.Header.Get("Access-Control-Allow-Origin")
|
|
|
|
methods := resp.Header.Get("Access-Control-Allow-Methods")
|
2024-05-07 08:07:07 +03:00
|
|
|
headers := resp.Header.Get("Access-Control-Allow-Headers")
|
2024-05-07 07:59:32 +03:00
|
|
|
if !(origin == "*" || origin == morigin) {
|
|
|
|
return fmt.Errorf("expected http access-control-allow-origin value '*', got '%s'", origin)
|
|
|
|
}
|
|
|
|
if methods != "POST, GET, OPTIONS" {
|
|
|
|
return fmt.Errorf("expected http access-control-allow-Methods value 'POST, GET, OPTIONS', got '%s'", methods)
|
|
|
|
}
|
2024-05-07 08:07:07 +03:00
|
|
|
if headers != "*, Authorization" {
|
|
|
|
return fmt.Errorf("expected http access-control-allow-headers value '*, Authorization', got '%s'", headers)
|
|
|
|
}
|
2024-05-07 07:59:32 +03:00
|
|
|
|
|
|
|
// Make the actual request now
|
|
|
|
resp, err = http.Get(url)
|
|
|
|
if err != nil {
|
|
|
|
return err
|
|
|
|
}
|
|
|
|
origin = resp.Header.Get("Access-Control-Allow-Origin")
|
|
|
|
if !(origin == "*" || origin == morigin) {
|
|
|
|
return fmt.Errorf("expected http access-control-allow-origin value '*', got '%s'", origin)
|
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|