public async Task SendAsync_ReturnsAllowAOrigin(string httpMethod, string expectedOrigin)
{
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute("default", "{controller}");
HttpServer server = new HttpServer(config);
CorsMessageHandler corsHandler = new CorsMessageHandler(config);
corsHandler.InnerHandler = server;
HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler);
HttpRequestMessage request = new HttpRequestMessage(
new HttpMethod(httpMethod),
"http://localhost/sample"
);
request.Headers.Add(CorsConstants.Origin, "http://example.com");
HttpResponseMessage response = await invoker.SendAsync(request, CancellationToken.None);
string origin = response.Headers
.GetValues("Access-Control-Allow-Origin")
.FirstOrDefault();
Assert.Equal(expectedOrigin, origin);
}
public void SendAsync_Preflight_ReturnsAllowMethodsAndAllowHeaders(string requestedMethod, string expectedOrigin, string requestedHeaders)
{
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute("default", "{controller}");
HttpServer server = new HttpServer(config);
CorsMessageHandler corsHandler = new CorsMessageHandler(config);
corsHandler.InnerHandler = server;
HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.SetConfiguration(config);
request.Headers.Add(CorsConstants.Origin, "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, requestedMethod);
request.Headers.Add(CorsConstants.AccessControlRequestHeaders, requestedHeaders);
HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result;
string origin = response.Headers.GetValues(CorsConstants.AccessControlAllowOrigin).FirstOrDefault();
string allowMethod = response.Headers.GetValues(CorsConstants.AccessControlAllowMethods).FirstOrDefault();
string[] allowHeaders = response.Headers.GetValues(CorsConstants.AccessControlAllowHeaders).FirstOrDefault().Split(',');
string[] requestedHeaderArray = requestedHeaders.Split(',');
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(expectedOrigin, origin);
Assert.Equal(requestedMethod, allowMethod);
foreach (string requestedHeader in requestedHeaderArray)
{
Assert.Contains(requestedHeader, allowHeaders);
}
}
public void SendAsync_Preflight_ReturnsAllowMethodsAndAllowHeaders(string requestedMethod, string expectedOrigin, string requestedHeaders)
{
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute("default", "{controller}");
HttpServer server = new HttpServer(config);
CorsMessageHandler corsHandler = new CorsMessageHandler(config);
corsHandler.InnerHandler = server;
HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.SetConfiguration(config);
request.Headers.Add(CorsConstants.Origin, "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, requestedMethod);
request.Headers.Add(CorsConstants.AccessControlRequestHeaders, requestedHeaders);
HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result;
string origin = response.Headers.GetValues(CorsConstants.AccessControlAllowOrigin).FirstOrDefault();
string allowMethod = response.Headers.GetValues(CorsConstants.AccessControlAllowMethods).FirstOrDefault();
string[] allowHeaders = response.Headers.GetValues(CorsConstants.AccessControlAllowHeaders).FirstOrDefault().Split(',');
string[] requestedHeaderArray = requestedHeaders.Split(',');
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Equal(expectedOrigin, origin);
Assert.Equal(requestedMethod, allowMethod);
foreach (string requestedHeader in requestedHeaderArray)
{
Assert.Contains(requestedHeader, allowHeaders);
}
}
public Task HandleCorsPreflightRequestAsync_NullContext_Throws()
{
CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration());
return(Assert.ThrowsArgumentNullAsync(
() => corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(), null, CancellationToken.None),
"corsRequestContext"));
}
public void HandleCorsPreflightRequestAsync_NullContext_Throws()
{
CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration());
Assert.ThrowsArgumentNull(() =>
{
HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(), null, CancellationToken.None).Result;
},
"corsRequestContext");
}
public void HandleCorsPreflightRequestAsync_ReturnsBadRequestWhenAccessControlRequestMethodIsInvalid()
{
CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration());
HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(),
new CorsRequestContext
{
AccessControlRequestMethod = "Get-http://localhost"
},
CancellationToken.None).Result;
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
Assert.Equal("The \"Access-Control-Request-Method\" header value 'Get-http://localhost' is invalid.", response.Content.ReadAsAsync <HttpError>().Result.Message);
}
public void HandleCorsPreflightRequestAsync_ReturnsBadRequestWhenAccessControlRequestMethodIsNullOrEmpty(string accessControlRequestMethod)
{
CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration());
HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(),
new CorsRequestContext
{
AccessControlRequestMethod = accessControlRequestMethod
},
CancellationToken.None).Result;
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
Assert.Equal("The \"Access-Control-Request-Method\" header value cannot be null or empty.", response.Content.ReadAsAsync <HttpError>().Result.Message);
}
public void SendAsync_DoesNotAddHeaders_WhenOriginIsMissing()
{
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute("default", "{controller}");
HttpServer server = new HttpServer(config);
CorsMessageHandler corsHandler = new CorsMessageHandler(config);
corsHandler.InnerHandler = server;
HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/sample");
HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result;
Assert.Empty(response.Headers);
}
public void SendAsync_ReturnsAllowAOrigin(string httpMethod, string expectedOrigin)
{
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute("default", "{controller}");
HttpServer server = new HttpServer(config);
CorsMessageHandler corsHandler = new CorsMessageHandler(config);
corsHandler.InnerHandler = server;
HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler);
HttpRequestMessage request = new HttpRequestMessage(new HttpMethod(httpMethod), "http://localhost/sample");
request.Headers.Add(CorsConstants.Origin, "http://example.com");
HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result;
string origin = response.Headers.GetValues("Access-Control-Allow-Origin").FirstOrDefault();
Assert.Equal(expectedOrigin, origin);
}
public void SendAsync_DoesNotAddHeaders_WhenOriginIsMissing()
{
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute("default", "{controller}");
HttpServer server = new HttpServer(config);
CorsMessageHandler corsHandler = new CorsMessageHandler(config);
corsHandler.InnerHandler = server;
HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/sample");
HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result;
Assert.Empty(response.Headers);
}
public async Task SendAsync_Preflight_RethrowsExceptions_WhenRethrowFlagIsTrue()
{
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute("default", "{controller}");
HttpServer server = new HttpServer(config);
CorsMessageHandler corsHandler = new CorsMessageHandler(config, true);
corsHandler.InnerHandler = server;
HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.SetConfiguration(config);
request.Headers.Add(CorsConstants.Origin, "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
await Assert.ThrowsAsync <HttpResponseException>(() => invoker.SendAsync(request, CancellationToken.None));
}
public async Task SendAsync_RethrowsExceptions_WhenRethrowFlagIsTrue()
{
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute("default", "{controller}");
config.Services.Replace(typeof(IExceptionHandler), new PassthroughExceptionHandler());
HttpServer server = new HttpServer(config);
CorsMessageHandler corsHandler = new CorsMessageHandler(config, true);
corsHandler.InnerHandler = server;
HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/throwing");
request.SetConfiguration(config);
request.Headers.Add(CorsConstants.Origin, "http://localhost");
await Assert.ThrowsAsync <Exception>(() => invoker.SendAsync(request, CancellationToken.None));
}
public void SendAsync_HandlesExceptions_ThrownDuringPreflight()
{
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute("default", "{controller}");
HttpServer server = new HttpServer(config);
CorsMessageHandler corsHandler = new CorsMessageHandler(config);
corsHandler.InnerHandler = server;
HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.SetConfiguration(config);
request.Headers.Add(CorsConstants.Origin, "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result;
Assert.Equal(HttpStatusCode.MethodNotAllowed, response.StatusCode);
}
public void SendAsync_HandlesExceptions_ThrownDuringPreflight()
{
HttpConfiguration config = new HttpConfiguration();
config.Routes.MapHttpRoute("default", "{controller}");
HttpServer server = new HttpServer(config);
CorsMessageHandler corsHandler = new CorsMessageHandler(config);
corsHandler.InnerHandler = server;
HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler);
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.SetConfiguration(config);
request.Headers.Add(CorsConstants.Origin, "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result;
Assert.Equal(HttpStatusCode.MethodNotAllowed, response.StatusCode);
}
public void HandleCorsPreflightRequestAsync_ReturnsBadRequestWhenAccessControlRequestMethodIsInvalid()
{
CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration());
HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(),
new CorsRequestContext
{
AccessControlRequestMethod = "Get-http://localhost"
},
CancellationToken.None).Result;
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
Assert.Equal("The \"Access-Control-Request-Method\" header value 'Get-http://localhost' is invalid.", response.Content.ReadAsAsync<HttpError>().Result.Message);
}
public void HandleCorsPreflightRequestAsync_ReturnsBadRequestWhenAccessControlRequestMethodIsNullOrEmpty(string accessControlRequestMethod)
{
CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration());
HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(),
new CorsRequestContext
{
AccessControlRequestMethod = accessControlRequestMethod
},
CancellationToken.None).Result;
Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
Assert.Equal("The \"Access-Control-Request-Method\" header value cannot be null or empty.", response.Content.ReadAsAsync<HttpError>().Result.Message);
}
public void HandleCorsPreflightRequestAsync_NullContext_Throws()
{
CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration());
Assert.ThrowsArgumentNull(() =>
{
HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(), null, CancellationToken.None).Result;
},
"corsRequestContext");
}
