Posted to commits@couchdb.apache.org by kx...@apache.org on 2016/02/02 16:23:25 UTC

[3/6] chttpd commit: updated refs/heads/master to 41ac33a

Adding more tests for CORS


Project: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/commit/e52d2123
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/tree/e52d2123
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/diff/e52d2123

Branch: refs/heads/master
Commit: e52d2123846532540abb3ca5ec3a588a77b1ff68
Parents: a634e22
Author: ILYA Khlopotov <ii...@ca.ibm.com>
Authored: Mon Jan 25 13:07:19 2016 -0800
Committer: ILYA Khlopotov <ii...@ca.ibm.com>
Committed: Fri Jan 29 11:45:03 2016 -0800

----------------------------------------------------------------------
 test/chttpd_cors_test.erl | 67 +++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 66 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-chttpd/blob/e52d2123/test/chttpd_cors_test.erl
----------------------------------------------------------------------
diff --git a/test/chttpd_cors_test.erl b/test/chttpd_cors_test.erl
index 6ad807a..753b235 100644
--- a/test/chttpd_cors_test.erl
+++ b/test/chttpd_cors_test.erl
@@ -24,6 +24,10 @@
     "content-type, accept-ranges, etag, server, x-couch-request-id, " ++
     "x-couch-update-newrev, x-couchdb-body-time").
 
+-define(CUSTOM_SUPPORTED_METHODS, ?SUPPORTED_METHODS -- ["CONNECT"]).
+-define(CUSTOM_SUPPORTED_HEADERS, ["extra" | ?SUPPORTED_HEADERS -- ["pragma"]]).
+-define(CUSTOM_EXPOSED_HEADERS, ["expose" | ?COUCH_HEADERS]).
+
 
 %% Test helpers
 
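Review bot: The added `?CUSTOM_SUPPORTED_METHODS` macro expands to a bare `--` expression, and because `--` and `++` are right-associative a later use such as `?CUSTOM_SUPPORTED_METHODS ++ Extra` would parse as `?SUPPORTED_METHODS -- (["CONNECT"] ++ Extra)`. Parenthesising the body keeps it safe wherever it is used: `-define(CUSTOM_SUPPORTED_METHODS, (?SUPPORTED_METHODS -- ["CONNECT"])).` The macros also rely on `?SUPPORTED_METHODS` containing "CONNECT" and `?SUPPORTED_HEADERS` containing "pragma", both defined outside this hunk. If either entry is absent, `--` removes nothing and the custom configuration no longer differs from the default on that key, so a one-line comment stating that assumption would help.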
@@ -56,6 +60,16 @@ wildcard_cors_config() ->
         ]}}
     ].
 
+custom_cors_config() ->
+    [
+        {<<"enable_cors">>, true},
+        {<<"allow_methods">>, ?CUSTOM_SUPPORTED_METHODS},
+        {<<"allow_headers">>, ?CUSTOM_SUPPORTED_HEADERS},
+        {<<"exposed_headers">>, ?CUSTOM_EXPOSED_HEADERS},
+        {<<"origins">>, {[
+            {<<"*">>, {[]}}
+        ]}}
+    ].
 
 access_control_cors_config(AllowCredentials) ->
     [
@@ -166,6 +180,15 @@ cors_enabled_simple_config_test_() ->
                 fun test_case_sensitive_mismatch_of_allowed_origins_/1
             ]}}.
 
+cors_enabled_custom_config_test_() ->
+    {"Simple CORS config with custom allow_methods/allow_headers/exposed_headers",
+        {foreach,
+            fun custom_cors_config/0,
+            [
+                fun test_good_headers_preflight_request_with_custom_config_/1,
+                fun test_db_request_with_custom_config_/1
+            ]}}.
+
 
 cors_enabled_multiple_config_test_() ->
     {"Multiple options CORS config",
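Review bot: The list registered in cors_enabled_custom_config_test_ holds only positive cases, so nothing shows that the custom configuration actually narrows what a cross-origin caller may request. "CONNECT" and "pragma" are removed by the custom macros, yet no preflight asking for them is checked for refusal. The existing cases verify what the response advertises, not that a request outside the configured set is turned away, which is the property a restrictive CORS policy exists to provide. I would register one case per removed entry that asserts the preflight does not succeed. The sketch uses `?_assertNotMatch({ok, _}, ...)` because the value returned for a refused preflight is not visible in this diff; it can be pinned exactly once confirmed.

```erlang
                fun test_good_headers_preflight_request_with_custom_config_/1,
                fun test_removed_method_preflight_request_with_custom_config_/1,
                %% … unchanged: remaining list entry and end of the generator …

%% "CONNECT" is removed from allow_methods by ?CUSTOM_SUPPORTED_METHODS,
%% so a preflight requesting it must not be answered with CORS headers.
test_removed_method_preflight_request_with_custom_config_(OwnerConfig) ->
    Headers = [
        {"Origin", ?DEFAULT_ORIGIN},
        {"Access-Control-Request-Method", "CONNECT"}
    ],
    Req = mock_request('OPTIONS', "/", Headers),
    ?_assertNotMatch({ok, _},
        chttpd_cors:maybe_handle_preflight_request(Req, OwnerConfig)).
```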
@@ -307,7 +330,31 @@ test_good_headers_preflight_request_(OwnerConfig) ->
         ?_assertEqual(?DEFAULT_ORIGIN,
             header(Headers1, "Access-Control-Allow-Origin")),
         ?_assertEqual(string_headers(?SUPPORTED_METHODS),
-            header(Headers1, "Access-Control-Allow-Methods"))
+            header(Headers1, "Access-Control-Allow-Methods")),
+        ?_assertEqual(string_headers(["accept-language"]),
+            header(Headers1, "Access-Control-Allow-Headers"))
+    ].
+
+test_good_headers_preflight_request_with_custom_config_(OwnerConfig) ->
+    Headers = [
+        {"Origin", ?DEFAULT_ORIGIN},
+        {"Access-Control-Request-Method", "GET"},
+        {"Access-Control-Request-Headers", "accept-language, extra"}
+    ],
+    Req = mock_request('OPTIONS', "/", Headers),
+    ?assert(chttpd_cors:is_cors_enabled(OwnerConfig)),
+    AllowMethods = couch_util:get_value(
+        <<"allow_methods">>, OwnerConfig, ?SUPPORTED_METHODS),
+    AllowHeaders = couch_util:get_value(
+        <<"allow_headers">>, OwnerConfig, ?SUPPORTED_HEADERS),
+    {ok, Headers1} = chttpd_cors:maybe_handle_preflight_request(Req, OwnerConfig),
+    [
+        ?_assertEqual(?DEFAULT_ORIGIN,
+            header(Headers1, "Access-Control-Allow-Origin")),
+        ?_assertEqual(string_headers(AllowMethods),
+            header(Headers1, "Access-Control-Allow-Methods")),
+        ?_assertEqual(string_headers(["accept-language", "extra"]),
+            header(Headers1, "Access-Control-Allow-Headers"))
     ].
 
 
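Review bot: In test_good_headers_preflight_request_with_custom_config_, `AllowHeaders` is bound from the config but never used by the assertions that follow, which leaves an unused-variable compiler warning and suggests an assertion was meant to reference it. The expected `AllowMethods` is also read from the same `OwnerConfig` under test with a fallback to `?SUPPORTED_METHODS`. A fixture that lost its `allow_methods` key would therefore presumably be compared against the defaults and still pass. The same fallback pattern appears for `ExposedHeaders` in test_db_request_with_custom_config_ in the next hunk. I would drop the `AllowHeaders` binding and pin the expectation to the custom macro directly: `?_assertEqual(string_headers(?CUSTOM_SUPPORTED_METHODS),`.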
@@ -364,6 +411,21 @@ test_db_request_(OwnerConfig) ->
             header(Headers1, "Access-Control-Expose-Headers"))
     ].
 
+test_db_request_with_custom_config_(OwnerConfig) ->
+    Origin = ?DEFAULT_ORIGIN,
+    Headers = [{"Origin", Origin}, {"extra", "EXTRA"}],
+    Req = mock_request('GET', "/my_db", Headers),
+    Headers1 = chttpd_cors:headers(Req, Headers, Origin, OwnerConfig),
+    ExposedHeaders = couch_util:get_value(
+        <<"exposed_headers">>, OwnerConfig, ?COUCH_HEADERS),
+    [
+        ?_assertEqual(?DEFAULT_ORIGIN,
+            header(Headers1, "Access-Control-Allow-Origin")),
+        ?_assertEqual(lists:sort(["content-type" | ExposedHeaders]),
+            lists:sort(
+                split_list(header(Headers1, "Access-Control-Expose-Headers"))))
+    ].
+
 
 test_db_preflight_request_(OwnerConfig) ->
     Headers = [
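Review bot: The last assertion of test_db_request_with_custom_config_ prepends "content-type" to the configured exposed headers with no explanation, so a reader cannot tell whether chttpd_cors:headers/4 always adds that entry or whether it is an artefact of this fixture. A short comment above the assertion stating the reason would settle it, for example `%% "content-type" is always exposed in addition to the configured exposed_headers`, if that is indeed why it is there. The `{"extra", "EXTRA"}` entry in `Headers` is likewise not referenced by either assertion. If it is meant to show that a header outside `exposed_headers` stays out of Access-Control-Expose-Headers, a comment saying so would make the intent checkable.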
@@ -473,3 +535,6 @@ test_db_request_credentials_header_on_(OwnerConfig) ->
         ?_assertEqual("true",
             header(Headers1, "Access-Control-Allow-Credentials"))
     ].
+
+split_list(S) ->
+    re:split(S, "\\s*,\\s*", [trim, {return, list}]).
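Review bot: split_list/1 is a helper, yet it is appended after the last test case rather than placed under the `%% Test helpers` section the file already has near the top (visible in the first hunk), and it carries no comment. I would move it there and add `%% Split a comma-separated header value into a list of strings, ignoring whitespace around the commas.` The pattern only strips whitespace adjacent to commas, so leading whitespace on the first element or trailing whitespace on the last would survive into the compared list.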