Ejemplo n.º 1
        // Table of expected results for SnCorsPolicyProvider.GetAllowedDomain(origin, allowList).
        // In every case below the expected value is either the allow-list entry that matched
        // the origin or null when no entry matched.
        // NOTE(review): every origin in this table is a bare host[:port]. Browsers send
        // scheme://host[:port] in the Origin header; scheme handling is not exercised here,
        // so confirm it is covered where the header is parsed.
        public void Cors_AllowedDomain()
        {
            // empty allow-list: no origin is allowed
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("abc", new string[0]));

            // regular domains: an exact entry matches wherever it sits in the list
            Assert.AreEqual("abc", SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "abc", "def" }));
            Assert.AreEqual("abc", SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "def", "abc" }));
            Assert.AreEqual("abc-dev", SnCorsPolicyProvider.GetAllowedDomain("abc-dev", new[] { "abc-dev", "app123" }));
            Assert.AreEqual("app123", SnCorsPolicyProvider.GetAllowedDomain("app123", new[] { "abc-dev", "app123" }));

            // wildcard (all): a lone "*" entry matches any origin. The expected values imply
            // that the first matching entry in list order is returned ("*" listed before "abc"
            // yields "*", "abc" listed before "*" yields "abc").
            // NOTE(review): how a "*" result is turned into response headers is not visible in
            // this test. An allow-all match combined with credentialed responses is a common
            // permissive-CORS misconfiguration - confirm the provider never pairs the two.
            Assert.AreEqual("*", SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "*" }));
            Assert.AreEqual("*", SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "*", "abc" }));
            Assert.AreEqual("abc", SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "abc", "*" }));
            Assert.AreEqual("*", SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "abcd", "*" }));
            Assert.AreEqual("*", SnCorsPolicyProvider.GetAllowedDomain("abc-dev", new[] { "*", "app123" }));
            Assert.AreEqual("*", SnCorsPolicyProvider.GetAllowedDomain("app123", new[] { "abc-dev", "*" }));

            // wildcard (subdomain): the wildcard must stand for at least one label, so the bare
            // apex ("abc" against "*.abc") is rejected unless it is listed separately.
            // The wildcard may span several labels (abc.sub1.sub2.abc matches "abc.*.abc"), so
            // one entry trusts every nested subdomain. An empty label ("abc..com") and a host
            // with extra leading labels ("nooo.abc.sub1.abc") are rejected.
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "*.abc" }));
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("def", new[] { "*.abc" }));
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("abc.com", new[] { "*.abc.com" }));
            Assert.AreEqual("abc", SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "*.abc", "abc" }));
            Assert.AreEqual("abc", SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "abc", "*.abc" }));
            Assert.AreEqual("*.abc", SnCorsPolicyProvider.GetAllowedDomain("sub1.abc", new[] { "*.abc" }));
            Assert.AreEqual("abc.*.abc", SnCorsPolicyProvider.GetAllowedDomain("abc.sub1.abc", new[] { "abc.*.abc" }));
            Assert.AreEqual("abc.*.abc", SnCorsPolicyProvider.GetAllowedDomain("abc.sub1.sub2.abc", new[] { "abc.*.abc" }));
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("abc.com", new[] { "abc.*.com" }));
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("abc..com", new[] { "abc.*.com" }));
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("nooo.abc.sub1.abc", new[] { "abc.*.abc" }));
            Assert.AreEqual("*.abc", SnCorsPolicyProvider.GetAllowedDomain("sub1.abc", new[] { "abcd", "sub1abc", "sub1abccom", "*.abc" }));
            Assert.AreEqual("*.abc", SnCorsPolicyProvider.GetAllowedDomain("sub-dev.abc", new[] { "*.abc", "app123.abc" }));
            Assert.AreEqual("*.abc", SnCorsPolicyProvider.GetAllowedDomain("a1b2c3--app-dev.abc", new[] { "sub.abc", "*.abc" }));
            Assert.AreEqual("abc.*.com", SnCorsPolicyProvider.GetAllowedDomain("abc.a1b2c3--app-dev.com", new[] { "abc.app.com", "abc.*.com" }));

            // wildcard (port): "host:*" accepts the host with no port or with any port, and can
            // be combined with a subdomain wildcard. A port wildcard does not widen the host
            // part ("sub1.abc" is rejected by "abc:*"). An entry without a port part does not
            // match an origin that carries a port ("abc.sub1.abc.com:5000" against
            // "abc.*.abc.com"), presumably because of the port - confirm against the matcher.
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("ab:5000", new[] { "abc" }));
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("ab:5000", new[] { "abc:4000" }));
            Assert.AreEqual("abc:*", SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "abc:*" }));
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("sub1.abc", new[] { "abc:*" }));
            Assert.AreEqual("abc:*", SnCorsPolicyProvider.GetAllowedDomain("abc:5000", new[] { "abc:*" }));
            Assert.AreEqual("abc:*", SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "abc:4000", "abc:*" }));
            Assert.AreEqual("abc:*", SnCorsPolicyProvider.GetAllowedDomain("abc:5000", new[] { "abc:4000", "abc:*" }));
            Assert.AreEqual("abc.com:*", SnCorsPolicyProvider.GetAllowedDomain("abc.com", new[] { "abc.com:*" }));
            Assert.AreEqual("*.abc.com:*", SnCorsPolicyProvider.GetAllowedDomain("sub1.abc.com", new[] { "*.abc.com:*" }));
            Assert.AreEqual("*.abc.com:*", SnCorsPolicyProvider.GetAllowedDomain("sub1.sub2.abc.com", new[] { "*.abc.com:*" }));
            Assert.AreEqual("abc.*.com:*", SnCorsPolicyProvider.GetAllowedDomain("abc.admin.com", new[] { "abc.*.com:*" }));
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("abc.com:5000", new[] { "abc.*.com:*" }));
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("abc..com:5000", new[] { "abc.*.com:*" }));
            Assert.AreEqual("abc.*.com:*", SnCorsPolicyProvider.GetAllowedDomain("abc.admin.sub1.com", new[] { "abc.*.com:*" }));
            Assert.AreEqual("abc.*.com:*", SnCorsPolicyProvider.GetAllowedDomain("abc.admin.sub1.com:5000", new[] { "abc.*.com:*" }));
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("abc.sub1.abc.com:5000", new[] { "abc.*.abc.com" }));
            Assert.AreEqual("*.abc.com:*", SnCorsPolicyProvider.GetAllowedDomain("sub-dev.abc.com:5000", new[] { "*.abc.com:*", "app123.abc.com:5000" }));
            Assert.AreEqual("*.abc.com:*", SnCorsPolicyProvider.GetAllowedDomain("a1b2c3--app-dev.abc.com:8888", new[] { "sub.abc.com:8888", "*.abc.com:*" }));
            Assert.AreEqual("abc.*.com:*", SnCorsPolicyProvider.GetAllowedDomain("abc.a1b2c3--app-dev.com:80", new[] { "abc.app.com:80", "abc.*.com:*" }));

            // invalid config: a wildcard that is not followed by a dot ("*abc") matches nothing,
            // not even "abc". Treating it as a plain suffix match would also admit unrelated
            // hosts that merely end in "abc", so failing closed is the safe outcome.
            Assert.AreEqual(null, SnCorsPolicyProvider.GetAllowedDomain("abc", new[] { "*abc" }));
        }
Ejemplo n.º 2
        // With the default settings, localhost (with or without a port) and a subdomain of
        // sensenet.com are expected to appear in the returned policy's origin list with
        // credentials enabled; the bare sensenet.com apex and an unrelated domain are not.
        // NOTE(review): the Origin values used here carry no scheme, unlike the
        // scheme://host[:port] form browsers send - confirm scheme handling is tested elsewhere.
        public async Task Cors_HttpContext_PolicyFound()
        {
            // Builds a request carrying the given Origin header, resolves the default sensenet
            // CORS policy for it and checks whether that origin is listed in the policy.
            async Task<CorsPolicy> AssertOriginPrivate(string origin, bool expected)
            {
                var provider = new SnCorsPolicyProvider(null);
                var httpContext = new DefaultHttpContext();
                httpContext.Request.Headers["Origin"] = origin;

                var policy = await provider.GetPolicyAsync(
                    httpContext, SnCorsPolicyProvider.DefaultSenseNetCorsPolicyName);
                var isListed = policy.Origins.Contains(origin);

                Assert.AreEqual(expected, isListed);
                return policy;
            }

            await Test(async () =>
            {
                // Origins that must be accepted, and accepted with credentials.
                foreach (var allowedOrigin in new[] { "localhost", "localhost:123", "example.sensenet.com" })
                {
                    var policy = await AssertOriginPrivate(allowedOrigin, true);
                    Assert.IsTrue(policy.SupportsCredentials);
                }

                // Origins that must not be listed: the apex domain and an unrelated domain.
                foreach (var rejectedOrigin in new[] { "sensenet.com", "example.com" })
                {
                    await AssertOriginPrivate(rejectedOrigin, false);
                }
            });
        }
Ejemplo n.º 3
        // GetPolicyAsync is expected to return null (no CORS policy) when the request has no
        // Origin header, when no policy name is given, and when the policy name is unknown.
        public async Task Cors_HttpContext_PolicyNotFound()
        {
            var provider = new SnCorsPolicyProvider(null);

            // Request without an Origin header.
            var requestWithoutOrigin = new DefaultHttpContext();
            var policy = await provider.GetPolicyAsync(requestWithoutOrigin, "sensenet");
            Assert.IsNull(policy);

            // Request with an Origin header, but a null policy name.
            var requestWithOrigin = new DefaultHttpContext();
            requestWithOrigin.Request.Headers.Add("Origin", "abc");
            policy = await provider.GetPolicyAsync(requestWithOrigin, null);
            Assert.IsNull(policy);

            // Same request, with a policy name the provider does not know.
            policy = await provider.GetPolicyAsync(requestWithOrigin, "other");
            Assert.IsNull(policy);
        }
Ejemplo n.º 4
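        // Writes an explicit AllowedOriginDomains list into Portal.settings and verifies that
        // the policy resolved for the default sensenet CORS policy name lists an origin only
        // when it matches one of those entries.
        // NOTE(review): every accepted origin is also asserted to support credentials, so the
        // "*.sensenet.com" entry extends credentialed cross-origin access to every subdomain -
        // confirm that is the intended trust boundary.
        public async Task Cors_HttpContext_PolicyFound()
        {
            await Test(async() =>
            {
                // set allowed domains for test
                var setting = await Node.LoadAsync <Settings>(
                    RepositoryPath.Combine(Repository.SettingsFolderPath, "Portal.settings"), CancellationToken.None);
                var currentSettingText = RepositoryTools.GetStreamString(setting.Binary.GetStream());
                var newSettingText     = EditJson(currentSettingText, @"
{
""AllowedOriginDomains"": [
    ""localhost:*"",
    ""*.sensenet.com""
  ]
}
");
                setting.Binary.SetStream(RepositoryTools.GetStreamFromString(newSettingText));
                setting.Save(SavingMode.KeepVersion);

                // the settings written above allow localhost on any port and subdomains of sensenet.com
                var p = await AssertOriginPrivate("localhost", true);
                Assert.IsTrue(p.SupportsCredentials);
                p = await AssertOriginPrivate("localhost:123", true);
                Assert.IsTrue(p.SupportsCredentials);
                p = await AssertOriginPrivate("example.sensenet.com", true);
                Assert.IsTrue(p.SupportsCredentials);

                // the apex domain is not covered by "*.sensenet.com"; example.com is unrelated
                await AssertOriginPrivate("sensenet.com", false);
                await AssertOriginPrivate("example.com", false);
            });

            // Resolves the default policy for a request with the given Origin header and checks
            // whether the origin is listed in the policy's Origins collection.
            async Task <CorsPolicy> AssertOriginPrivate(string origin, bool expected)
            {
                var cpp     = new SnCorsPolicyProvider(null);
                var context = new DefaultHttpContext();

                context.Request.Headers["Origin"] = origin;
                var p = await cpp.GetPolicyAsync(context, SnCorsPolicyProvider.DefaultSenseNetCorsPolicyName);

                // Fail with a clear assertion, not a NullReferenceException, if no policy comes back.
                Assert.IsNotNull(p);
                Assert.AreEqual(expected, p.Origins.Contains(origin));

                return p;
            }
        }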
Ejemplo n.º 5
        /// <summary>
        /// Asserts that <c>SnCorsPolicyProvider.GetAllowedDomain</c> returns the expected value
        /// for the given Origin header value and allow-list.
        /// </summary>
        /// <param name="originHeader">Origin value passed to the lookup.</param>
        /// <param name="allowedOrigins">Allow-list entries passed to the lookup.</param>
        /// <param name="expectedDomain">Value the lookup is expected to return.</param>
        private static void AssertOrigin(string originHeader, string[] allowedOrigins, string expectedDomain)
        {
            Assert.AreEqual(
                expectedDomain,
                SnCorsPolicyProvider.GetAllowedDomain(originHeader, allowedOrigins));
        }