public async void pipeline_cors___returns_endpoint_configured_orgin_when_all_orgins_default_configured()
{
var origin = "http://ron.vecchi.net";
var context = new ApiRequestContext
{
Request = new ApiRequestInfo
{
CrossOriginRequest = new CrossOriginRequestValues
{
Origin = origin
}
},
Configuration = new DeepSleepRequestConfiguration
{
CrossOriginConfig = new ApiCrossOriginConfiguration
{
AllowedOrigins = new string[] { origin }
}
}
};
var processed = await context.ProcessHttpResponseCrossOriginResourceSharing().ConfigureAwait(false);
processed.Should().BeTrue();
context.Response.Headers.Should().NotBeEmpty();
context.Response.Headers.Should().HaveCount(3);
context.Response.Headers[0].Name.Should().Be("Access-Control-Allow-Origin");
context.Response.Headers[0].Value.Should().Be(origin);
context.Response.Headers[1].Name.Should().Be("Access-Control-Allow-Credentials");
context.Response.Headers[1].Value.Should().Be("false");
context.Response.Headers[2].Name.Should().Be("Vary");
context.Response.Headers[2].Value.Should().Be("Origin");
}
public async void pipeline_cors___returns_true_allow_credentials_when_configured(bool?allowCredentials, bool expected)
{
var origin = "http://ron.vecchi.net";
var context = new ApiRequestContext
{
Request = new ApiRequestInfo
{
CrossOriginRequest = new CrossOriginRequestValues
{
Origin = origin,
}
},
Configuration = new DeepSleepRequestConfiguration
{
CrossOriginConfig = new ApiCrossOriginConfiguration
{
AllowedOrigins = new string[] { "*" },
AllowCredentials = allowCredentials
}
}
};
var processed = await context.ProcessHttpResponseCrossOriginResourceSharing().ConfigureAwait(false);
processed.Should().BeTrue();
context.Response.Headers.Should().NotBeEmpty();
context.Response.Headers.Should().HaveCount(3);
context.Response.Headers[0].Name.Should().Be("Access-Control-Allow-Origin");
context.Response.Headers[0].Value.Should().Be(origin);
context.Response.Headers[1].Name.Should().Be("Access-Control-Allow-Credentials");
context.Response.Headers[1].Value.Should().Be(expected.ToString().ToLowerInvariant());
context.Response.Headers[2].Name.Should().Be("Vary");
context.Response.Headers[2].Value.Should().Be("Origin");
}
public async void pipeline_cors___returns_true_and_skips_processing_when_no_orgin_present(string origin)
{
var context = new ApiRequestContext
{
Request = new ApiRequestInfo
{
CrossOriginRequest = new CrossOriginRequestValues
{
Origin = origin
}
}
};
var processed = await context.ProcessHttpResponseCrossOriginResourceSharing().ConfigureAwait(false);
processed.Should().BeTrue();
context.Response.Should().NotBeNull();
context.Response.ResponseObject.Should().BeNull();
}
public async void pipeline_cors___returns_false_for_cancelled_request()
{
var context = new ApiRequestContext
{
RequestAborted = new System.Threading.CancellationToken(true),
Request = new ApiRequestInfo
{
CrossOriginRequest = new CrossOriginRequestValues
{
Origin = "https://test.org"
}
}
};
var processed = await context.ProcessHttpResponseCrossOriginResourceSharing().ConfigureAwait(false);
processed.Should().BeFalse();
context.Response.Should().NotBeNull();
context.Response.ResponseObject.Should().BeNull();
}
public async void pipeline_cors___returns_configured_access_expose_headers()
{
var origin = "http://ron.vecchi.net";
var context = new ApiRequestContext
{
Request = new ApiRequestInfo
{
CrossOriginRequest = new CrossOriginRequestValues
{
Origin = origin
}
},
Configuration = new DeepSleepRequestConfiguration
{
CrossOriginConfig = new ApiCrossOriginConfiguration
{
AllowedOrigins = new string[] { "*" },
ExposeHeaders = new string[] { "X-API1", "X-API2", "Content-Type" }
}
}
};
var processed = await context.ProcessHttpResponseCrossOriginResourceSharing().ConfigureAwait(false);
processed.Should().BeTrue();
context.Response.Headers.Should().NotBeEmpty();
context.Response.Headers.Should().HaveCount(4);
context.Response.Headers[0].Name.Should().Be("Access-Control-Allow-Origin");
context.Response.Headers[0].Value.Should().Be(origin);
context.Response.Headers[1].Name.Should().Be("Access-Control-Allow-Credentials");
context.Response.Headers[1].Value.Should().Be("false");
context.Response.Headers[2].Name.Should().Be("Access-Control-Expose-Headers");
context.Response.Headers[2].Value.Should().Be("X-API1, X-API2, Content-Type");
context.Response.Headers[3].Name.Should().Be("Vary");
context.Response.Headers[3].Value.Should().Be("Origin");
}