C# (CSharp) CorsConfigBuilder Beispiele

Beispiel #1

        public void SimpleRequestWithAnyOrigin()
        {
            IHttpResponse response = SimpleRequest(CorsConfigBuilder.ForAnyOrigin().Build(), "http://localhost:7777");

            Assert.Equal("*", response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null).ToString());
            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowHeaders, null));
        }

Beispiel #2

        public void DefaultPreflightResponseHeaders()
        {
            CorsConfig cors = CorsConfigBuilder.ForAnyOrigin().Build();

            Assert.NotNull(cors.PreflightResponseHeaders().Get(HttpHeaderNames.Date, null));
            Assert.Equal("0", cors.PreflightResponseHeaders().Get(HttpHeaderNames.ContentLength, null));
        }

Beispiel #3

        public void PreflightResponseHeadersSingleValue()
        {
            CorsConfig cors = CorsConfigBuilder.ForAnyOrigin()
                              .PreflightResponseHeader((AsciiString)"SingleValue", (StringCharSequence)"value").Build();

            Assert.Equal((AsciiString)"value", cors.PreflightResponseHeaders().Get((AsciiString)"SingleValue", null));
        }

Beispiel #4

        public void SimpleRequestDoNotAllowCredentials()
        {
            CorsConfig    config   = CorsConfigBuilder.ForAnyOrigin().Build();
            IHttpResponse response = SimpleRequest(config, "http://localhost:7777");

            Assert.False(response.Headers.Contains(HttpHeaderNames.AccessControlAllowCredentials));
        }

Beispiel #5

        public void ShortCircuit()
        {
            CorsConfig cors = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8080")
                              .ShortCircuit().Build();

            Assert.True(cors.IsShortCircuit);
        }

Beispiel #6

        public void SimpleRequestAllowCredentials()
        {
            CorsConfig    config   = CorsConfigBuilder.ForAnyOrigin().AllowCredentials().Build();
            IHttpResponse response = SimpleRequest(config, "http://localhost:7777");

            Assert.Equal("true", response.Headers.Get(HttpHeaderNames.AccessControlAllowCredentials, null));
        }

Beispiel #7

        public void Origin()
        {
            CorsConfig cors = CorsConfigBuilder.ForOrigin((StringCharSequence)"http://localhost:7888").Build();

            Assert.Equal("http://localhost:7888", cors.Origin.ToString());
            Assert.False(cors.IsAnyOriginSupported);
        }

Beispiel #8

        public void NonCorsRequest()
        {
            IHttpResponse response = SimpleRequest(CorsConfigBuilder.ForAnyOrigin().Build(), null);

            Assert.False(response.Headers.Contains(HttpHeaderNames.AccessControlAllowOrigin));
            Assert.True(ReferenceCountUtil.Release(response));
        }

Beispiel #9

        public void SimpleRequestNoShortCircuit()
        {
            CorsConfig    config   = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8080").Build();
            IHttpResponse response = SimpleRequest(config, "http://localhost:7777");

            Assert.Equal(HttpResponseStatus.OK, response.Status);
            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
        }

Beispiel #10

        public void PreflightRequestDoNotAllowCredentials()
        {
            CorsConfig    config   = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8888").Build();
            IHttpResponse response = PreflightRequest(config, "http://localhost:8888", "");

            // the only valid value for Access-Control-Allow-Credentials is true.
            Assert.False(response.Headers.Contains(HttpHeaderNames.AccessControlAllowCredentials));
        }

Beispiel #11

        public void SimpleRequestWithOrigin()
        {
            var           origin   = new AsciiString("http://localhost:8888");
            IHttpResponse response = SimpleRequest(CorsConfigBuilder.ForOrigin(origin).Build(), origin.ToString());

            Assert.Equal(origin, response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowHeaders, null));
        }

Beispiel #12

        public void RequestHeaders()
        {
            CorsConfig cors = CorsConfigBuilder.ForAnyOrigin()
                              .AllowedRequestHeaders((AsciiString)"preflight-header1", (AsciiString)"preflight-header2").Build();

            Assert.True(cors.AllowedRequestHeaders().Contains((AsciiString)"preflight-header1"));
            Assert.True(cors.AllowedRequestHeaders().Contains((AsciiString)"preflight-header2"));
        }

Beispiel #13

        public void ExposeHeaders()
        {
            CorsConfig cors = CorsConfigBuilder.ForAnyOrigin()
                              .ExposeHeaders((StringCharSequence)"custom-header1", (StringCharSequence)"custom-header2").Build();

            Assert.True(cors.ExposedHeaders().Contains((StringCharSequence)"custom-header1"));
            Assert.True(cors.ExposedHeaders().Contains((StringCharSequence)"custom-header2"));
        }

Beispiel #14

        public void RequestMethods()
        {
            CorsConfig cors = CorsConfigBuilder.ForAnyOrigin()
                              .AllowedRequestMethods(HttpMethod.Post, HttpMethod.Get).Build();

            Assert.True(cors.AllowedRequestMethods().Contains(HttpMethod.Post));
            Assert.True(cors.AllowedRequestMethods().Contains(HttpMethod.Get));
        }

Beispiel #15

        public void PreflightRequestAllowCredentials()
        {
            var           origin   = new AsciiString("null");
            CorsConfig    config   = CorsConfigBuilder.ForOrigin(origin).AllowCredentials().Build();
            IHttpResponse response = PreflightRequest(config, origin.ToString(), "content-type, xheader1");

            Assert.Equal("true", response.Headers.Get(HttpHeaderNames.AccessControlAllowCredentials, null));
        }

Beispiel #16

        public void WildcardOrigin()
        {
            CorsConfig cors = CorsConfigBuilder.ForOrigin(CorsHandler.AnyOrigin).Build();

            Assert.True(cors.IsAnyOriginSupported);
            Assert.Equal("*", cors.Origin.ToString());
            Assert.Equal(0, cors.Origins.Count);
        }

Beispiel #17

        public void PreflightRequestWithValueGenerator()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8888")
                                .PreflightResponseHeader((AsciiString)"GenHeader", new ValueGenerator()).Build();
            IHttpResponse response = PreflightRequest(config, "http://localhost:8888", "content-type, xheader1");

            Assert.Equal("generatedValue", response.Headers.Get((AsciiString)"GenHeader", null).ToString());
            Assert.Equal(HttpHeaderNames.Origin.ToString(), response.Headers.Get(HttpHeaderNames.Vary, null));
        }

Beispiel #18

        public void AnyOriginAndAllowCredentialsShouldEchoRequestOrigin()
        {
            CorsConfig    config   = CorsConfigBuilder.ForAnyOrigin().AllowCredentials().Build();
            IHttpResponse response = SimpleRequest(config, "http://localhost:7777");

            Assert.Equal("true", response.Headers.Get(HttpHeaderNames.AccessControlAllowCredentials, null));
            Assert.Equal("http://localhost:7777", response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null).ToString());
            Assert.Equal(HttpHeaderNames.Origin.ToString(), response.Headers.Get(HttpHeaderNames.Vary, null));
        }

Beispiel #19

        public void SimpleRequestExposeHeaders()
        {
            CorsConfig config = CorsConfigBuilder.ForAnyOrigin()
                                .ExposeHeaders((AsciiString)"one", (AsciiString)"two").Build();
            IHttpResponse response = SimpleRequest(config, "http://localhost:7777");

            Assert.Contains("one", response.Headers.Get(HttpHeaderNames.AccessControlExposeHeaders, null).ToString());
            Assert.Contains("two", response.Headers.Get(HttpHeaderNames.AccessControlExposeHeaders, null).ToString());
        }

Beispiel #20

        public void SimpleRequestShortCircuit()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8080")
                                .ShortCircuit().Build();
            IHttpResponse response = SimpleRequest(config, "http://localhost:7777");

            Assert.Equal(HttpResponseStatus.Forbidden, response.Status);
            Assert.Equal("0", response.Headers.Get(HttpHeaderNames.ContentLength, null).ToString());
        }

Beispiel #21

        public void PreflightRequestWithUnauthorizedOrigin()
        {
            var        origin   = "http://host";
            CorsConfig config   = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost").Build();
            var        response = PreflightRequest(config, origin, "xheader1");

            Assert.False(response.Headers.Contains(HttpHeaderNames.AccessControlAllowOrigin));
            Assert.True(ReferenceCountUtil.Release(response));
        }

Beispiel #22

        public void Origins()
        {
            ICharSequence[] origins = { (StringCharSequence)"http://localhost:7888", (StringCharSequence)"https://localhost:7888" };
            CorsConfig      cors    = CorsConfigBuilder.ForOrigins(origins).Build();

            Assert.Equal(2, cors.Origins.Count);
            Assert.True(cors.Origins.Contains(origins[0]));
            Assert.True(cors.Origins.Contains(origins[1]));
            Assert.False(cors.IsAnyOriginSupported);
        }

Beispiel #23

        public void SimpleRequestCustomHeaders()
        {
            CorsConfig config = CorsConfigBuilder.ForAnyOrigin()
                                .ExposeHeaders((AsciiString)"custom1", (AsciiString)"custom2").Build();
            IHttpResponse response = SimpleRequest(config, "http://localhost:7777");

            Assert.Equal("*", response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
            Assert.Contains("custom1", response.Headers.Get(HttpHeaderNames.AccessControlExposeHeaders, null).ToString());
            Assert.Contains("custom2", response.Headers.Get(HttpHeaderNames.AccessControlExposeHeaders, null).ToString());
        }

Beispiel #24

        public void PreflightRequestWithDefaultHeaders()
        {
            CorsConfig config   = CorsConfigBuilder.ForOrigin(new AsciiString("http://localhost:8888")).Build();
            var        response = PreflightRequest(config, "http://localhost:8888", "content-type, xheader1");

            Assert.Equal("0", response.Headers.Get(HttpHeaderNames.ContentLength, null).ToString());
            Assert.NotNull(response.Headers.Get(HttpHeaderNames.Date, null));
            Assert.Equal(HttpHeaderNames.Origin.ToString(), response.Headers.Get(HttpHeaderNames.Vary, null));
            Assert.True(ReferenceCountUtil.Release(response));
        }

Beispiel #25

        public void SimpleRequestWithNoMatchingOrigin()
        {
            var           origin   = new AsciiString("http://localhost:8888");
            IHttpResponse response = SimpleRequest(CorsConfigBuilder.ForOrigins(
                                                       new AsciiString("https://localhost:8888")).Build(), origin.ToString());

            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowHeaders, null));
            Assert.True(ReferenceCountUtil.Release(response));
        }

Beispiel #26

        public void PreflightResponseHeadersMultipleValues()
        {
            CorsConfig cors = CorsConfigBuilder.ForAnyOrigin()
                              .PreflightResponseHeader((AsciiString)"MultipleValues", (StringCharSequence)"value1", (StringCharSequence)"value2").Build();
            IList <ICharSequence> values = cors.PreflightResponseHeaders().GetAll((AsciiString)"MultipleValues");

            Assert.NotNull(values);
            Assert.True(values.Contains((AsciiString)"value1"));
            Assert.True(values.Contains((AsciiString)"value2"));
        }

Beispiel #27

        public void ShortCircuitNonCorsRequest()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin((AsciiString)"https://localhost")
                                .ShortCircuit().Build();
            IHttpResponse response = SimpleRequest(config, null);

            Assert.Equal(HttpResponseStatus.OK, response.Status);
            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
            Assert.True(ReferenceCountUtil.Release(response));
        }

Beispiel #28

        public void SimpleRequestWithNullOrigin()
        {
            IHttpResponse response = SimpleRequest(CorsConfigBuilder.ForOrigin((AsciiString)"http://test.com")
                                                   .AllowNullOrigin()
                                                   .AllowCredentials()
                                                   .Build(), "null");

            Assert.Equal("null", response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null).ToString());
            Assert.Equal("true", response.Headers.Get(HttpHeaderNames.AccessControlAllowCredentials, null).ToString());
            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowHeaders, null));
        }

Beispiel #29

        public void PreflightDeleteRequestWithCustomHeaders()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin(
                new AsciiString("http://localhost:8888")).AllowedRequestMethods(HttpMethod.Get, HttpMethod.Delete).Build();
            IHttpResponse response = PreflightRequest(config, "http://localhost:8888", "content-type, xheader1");

            Assert.Equal("http://localhost:8888", response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
            Assert.Contains("GET", response.Headers.Get(HttpHeaderNames.AccessControlAllowMethods, null).ToString());
            Assert.Contains("DELETE", response.Headers.Get(HttpHeaderNames.AccessControlAllowMethods, null).ToString());
            Assert.Equal(HttpHeaderNames.Origin.ToString(), response.Headers.Get(HttpHeaderNames.Vary, null));
        }

Beispiel #30

        public void ForbiddenShouldReleaseRequest()
        {
            CorsConfig       config  = CorsConfigBuilder.ForOrigin((AsciiString)"https://localhost").ShortCircuit().Build();
            var              channel = new EmbeddedChannel(new CorsHandler(config), new EchoHandler());
            IFullHttpRequest request = CreateHttpRequest(HttpMethod.Get);

            request.Headers.Set(HttpHeaderNames.Origin, "http://localhost:8888");
            Assert.False(channel.WriteInbound(request));
            Assert.Equal(0, request.ReferenceCount);
            Assert.True(ReferenceCountUtil.Release(channel.ReadOutbound()));
            Assert.False(channel.Finish());
        }