You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by kx...@apache.org on 2016/02/02 16:23:25 UTC
[3/6] chttpd commit: updated refs/heads/master to 41ac33a
Adding more tests for CORS
Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/e52d2123
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/e52d2123
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/e52d2123
Branch: refs/heads/master
Commit: e52d2123846532540abb3ca5ec3a588a77b1ff68
Parents: a634e22
Author: ILYA Khlopotov <ii...@ca.ibm.com>
Authored: Mon Jan 25 13:07:19 2016 -0800
Committer: ILYA Khlopotov <ii...@ca.ibm.com>
Committed: Fri Jan 29 11:45:03 2016 -0800
----------------------------------------------------------------------
test/chttpd_cors_test.erl | 67 +++++++++++++++++++++++++++++++++++++++++-
1 file changed, 66 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/e52d2123/test/chttpd_cors_test.erl
----------------------------------------------------------------------
diff --git a/test/chttpd_cors_test.erl b/test/chttpd_cors_test.erl
index 6ad807a..753b235 100644
--- a/test/chttpd_cors_test.erl
+++ b/test/chttpd_cors_test.erl
@@ -24,6 +24,10 @@
"content-type, accept-ranges, etag, server, x-couch-request-id, " ++
"x-couch-update-newrev, x-couchdb-body-time").
+-define(CUSTOM_SUPPORTED_METHODS, ?SUPPORTED_METHODS -- ["CONNECT"]).
+-define(CUSTOM_SUPPORTED_HEADERS, ["extra" | ?SUPPORTED_HEADERS -- ["pragma"]]).
+-define(CUSTOM_EXPOSED_HEADERS, ["expose" | ?COUCH_HEADERS]).
+
%% Test helpers
@@ -56,6 +60,16 @@ wildcard_cors_config() ->
]}}
].
+custom_cors_config() ->
+ [
+ {<<"enable_cors">>, true},
+ {<<"allow_methods">>, ?CUSTOM_SUPPORTED_METHODS},
+ {<<"allow_headers">>, ?CUSTOM_SUPPORTED_HEADERS},
+ {<<"exposed_headers">>, ?CUSTOM_EXPOSED_HEADERS},
+ {<<"origins">>, {[
+ {<<"*">>, {[]}}
+ ]}}
+ ].
access_control_cors_config(AllowCredentials) ->
[
@@ -166,6 +180,15 @@ cors_enabled_simple_config_test_() ->
fun test_case_sensitive_mismatch_of_allowed_origins_/1
]}}.
+cors_enabled_custom_config_test_() ->
+ {"Simple CORS config with custom allow_methods/allow_headers/exposed_headers",
+ {foreach,
+ fun custom_cors_config/0,
+ [
+ fun test_good_headers_preflight_request_with_custom_config_/1,
+ fun test_db_request_with_custom_config_/1
+ ]}}.
+
cors_enabled_multiple_config_test_() ->
{"Multiple options CORS config",
@@ -307,7 +330,31 @@ test_good_headers_preflight_request_(OwnerConfig) ->
?_assertEqual(?DEFAULT_ORIGIN,
header(Headers1, "Access-Control-Allow-Origin")),
?_assertEqual(string_headers(?SUPPORTED_METHODS),
- header(Headers1, "Access-Control-Allow-Methods"))
+ header(Headers1, "Access-Control-Allow-Methods")),
+ ?_assertEqual(string_headers(["accept-language"]),
+ header(Headers1, "Access-Control-Allow-Headers"))
+ ].
+
+test_good_headers_preflight_request_with_custom_config_(OwnerConfig) ->
+ Headers = [
+ {"Origin", ?DEFAULT_ORIGIN},
+ {"Access-Control-Request-Method", "GET"},
+ {"Access-Control-Request-Headers", "accept-language, extra"}
+ ],
+ Req = mock_request('OPTIONS', "/", Headers),
+ ?assert(chttpd_cors:is_cors_enabled(OwnerConfig)),
+ AllowMethods = couch_util:get_value(
+ <<"allow_methods">>, OwnerConfig, ?SUPPORTED_METHODS),
+ AllowHeaders = couch_util:get_value(
+ <<"allow_headers">>, OwnerConfig, ?SUPPORTED_HEADERS),
+ {ok, Headers1} = chttpd_cors:maybe_handle_preflight_request(Req, OwnerConfig),
+ [
+ ?_assertEqual(?DEFAULT_ORIGIN,
+ header(Headers1, "Access-Control-Allow-Origin")),
+ ?_assertEqual(string_headers(AllowMethods),
+ header(Headers1, "Access-Control-Allow-Methods")),
+ ?_assertEqual(string_headers(["accept-language", "extra"]),
+ header(Headers1, "Access-Control-Allow-Headers"))
].
@@ -364,6 +411,21 @@ test_db_request_(OwnerConfig) ->
header(Headers1, "Access-Control-Expose-Headers"))
].
+test_db_request_with_custom_config_(OwnerConfig) ->
+ Origin = ?DEFAULT_ORIGIN,
+ Headers = [{"Origin", Origin}, {"extra", "EXTRA"}],
+ Req = mock_request('GET', "/my_db", Headers),
+ Headers1 = chttpd_cors:headers(Req, Headers, Origin, OwnerConfig),
+ ExposedHeaders = couch_util:get_value(
+ <<"exposed_headers">>, OwnerConfig, ?COUCH_HEADERS),
+ [
+ ?_assertEqual(?DEFAULT_ORIGIN,
+ header(Headers1, "Access-Control-Allow-Origin")),
+ ?_assertEqual(lists:sort(["content-type" | ExposedHeaders]),
+ lists:sort(
+ split_list(header(Headers1, "Access-Control-Expose-Headers"))))
+ ].
+
test_db_preflight_request_(OwnerConfig) ->
Headers = [
@@ -473,3 +535,6 @@ test_db_request_credentials_header_on_(OwnerConfig) ->
?_assertEqual("true",
header(Headers1, "Access-Control-Allow-Credentials"))
].
+
+split_list(S) ->
+ re:split(S, "\\s*,\\s*", [trim, {return, list}]).