/// <summary>A result that carries at least one error message must report itself as invalid.</summary>
public void IsValid_ReturnsFalse_WhenThereIsError()
{
    var corsResult = new CorsResult();

    corsResult.ErrorMessages.Add("error");

    Assert.False(corsResult.IsValid);
}
/// <summary>A freshly constructed result must not produce any CORS response header.</summary>
public void ToResponseHeaders_ReturnsNoHeaders_ByDefault()
{
    var corsResult = new CorsResult();

    IDictionary<string, string> responseHeaders = corsResult.ToResponseHeaders();

    Assert.Empty(responseHeaders);
}
/// <summary>Assigning a negative max-age must be rejected with an out-of-range error on "value".</summary>
public void SettingNegativePreflightMaxAge_Throws()
{
    var corsResult = new CorsResult();
    Action assignNegativeMaxAge = () => { corsResult.PreflightMaxAge = -2; };

    Assert.ThrowsArgumentOutOfRange(
        assignNegativeMaxAge,
        "value",
        "PreflightMaxAge must be greater than or equal to 0.");
}
/// <summary>Without an allowed origin, no Access-Control-Allow-Origin header may be emitted.</summary>
public void ToResponseHeaders_NoAllowOrigin_AllowOriginHeaderNotAdded()
{
    var corsResult = new CorsResult();
    corsResult.AllowedOrigin = null;

    IDictionary<string, string> responseHeaders = corsResult.ToResponseHeaders();

    Assert.DoesNotContain("Access-Control-Allow-Origin", responseHeaders.Keys);
}
/// <summary>The allowed origin must be copied verbatim into Access-Control-Allow-Origin.</summary>
public void ToResponseHeaders_AllowOrigin_AllowOriginHeaderAdded()
{
    var corsResult = new CorsResult();
    corsResult.AllowedOrigin = "http://example.com";

    IDictionary<string, string> responseHeaders = corsResult.ToResponseHeaders();

    Assert.Equal("http://example.com", responseHeaders["Access-Control-Allow-Origin"]);
}
/// <summary>
/// Pins the defaults of a new result: nothing is allowed, credentials are off,
/// and with no errors recorded the result counts as valid.
/// </summary>
public void Default_Constructor()
{
    var corsResult = new CorsResult();

    // Every allow-list and the error list start out empty.
    Assert.Empty(corsResult.AllowedHeaders);
    Assert.Empty(corsResult.AllowedExposedHeaders);
    Assert.Empty(corsResult.AllowedMethods);
    Assert.Empty(corsResult.ErrorMessages);

    // Credentials are not supported and no origin or max-age is set by default.
    Assert.False(corsResult.SupportsCredentials);
    Assert.Null(corsResult.AllowedOrigin);
    Assert.Null(corsResult.PreflightMaxAge);
    Assert.True(corsResult.IsValid);
}
/// <summary>An exposed header on the result must be the only header written, under Access-Control-Expose-Headers.</summary>
public void WriteCorsHeaders_WritesAllowExposedHeaders()
{
    var httpResponse = new HttpResponseMessage();
    var result = new CorsResult();
    result.AllowedExposedHeaders.Add("baz");

    httpResponse.WriteCorsHeaders(result);

    var responseHeaders = httpResponse.Headers;
    Assert.Equal(1, responseHeaders.Count());
    string joinedValue = responseHeaders.GetValues("Access-Control-Expose-Headers").FirstOrDefault();
    string[] exposed = joinedValue.Split(',');
    Assert.Contains("baz", exposed);
}
/// <summary>Pins the defaults of a new result: empty allow-lists, no credentials, no origin, no max-age.</summary>
public void Default_Constructor()
{
    // Arrange & Act
    CorsResult corsResult = new CorsResult();

    // Assert
    Assert.Empty(corsResult.AllowedHeaders);
    Assert.Empty(corsResult.AllowedExposedHeaders);
    Assert.Empty(corsResult.AllowedMethods);
    Assert.False(corsResult.SupportsCredentials);
    Assert.Null(corsResult.AllowedOrigin);
    Assert.Null(corsResult.PreflightMaxAge);
}
/// <summary>Allowed methods must be written as a single comma-separated Access-Control-Allow-Methods header.</summary>
public void WriteCorsHeaders_WritesAllowMethods()
{
    var httpResponse = new HttpResponseMessage();
    var result = new CorsResult();
    result.AllowedMethods.Add("DELETE");
    result.AllowedMethods.Add("PUT");

    httpResponse.WriteCorsHeaders(result);

    var responseHeaders = httpResponse.Headers;
    Assert.Equal(1, responseHeaders.Count());
    string joinedValue = responseHeaders.GetValues("Access-Control-Allow-Methods").FirstOrDefault();
    string[] methods = joinedValue.Split(',');
    Assert.Contains("DELETE", methods);
    Assert.Contains("PUT", methods);
}
/// <summary>Enabling credentials must produce exactly one header, Access-Control-Allow-Credentials: true.</summary>
public void WriteCorsHeaders_WritesAllowCredentials()
{
    var httpResponse = new HttpResponseMessage();
    var result = new CorsResult();
    result.SupportsCredentials = true;

    httpResponse.WriteCorsHeaders(result);

    var responseHeaders = httpResponse.Headers;
    Assert.Single(responseHeaders);
    string credentialsValue = responseHeaders.GetValues("Access-Control-Allow-Credentials").FirstOrDefault();
    Assert.Equal("true", credentialsValue);
}
/// <summary>
/// An allow-any-origin policy without credentials must answer with the "*" wildcard
/// rather than echoing the request's origin.
/// </summary>
public void EvaluatePolicy_AllowAnyOrigin_DoesNotSupportCredentials_EmitsWildcardForOrigin()
{
    var engine = new CorsEngine();
    var context = new CorsRequestContext();
    context.Origin = "foo";
    var anyOriginPolicy = new CorsPolicy();
    anyOriginPolicy.AllowAnyOrigin = true;
    anyOriginPolicy.SupportsCredentials = false;

    CorsResult evaluation = engine.EvaluatePolicy(context, anyOriginPolicy);

    Assert.Equal("*", evaluation.AllowedOrigin);
}
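/// <summary>Assigning a negative max-age must throw <see cref="ArgumentOutOfRangeException"/> for "value".</summary>
public void SettingNegativePreflightMaxAge_Throws()
{
    // Arrange
    var result = new CorsResult();

    // Act
    var exception = Assert.Throws<ArgumentOutOfRangeException>(() =>
    {
        result.PreflightMaxAge = TimeSpan.FromSeconds(-1);
    });

    // Assert
    // The runtime joins the message and the "Parameter name" suffix with
    // Environment.NewLine, so a hard-coded "\r\n" only matches on Windows.
    Assert.Equal(
        "PreflightMaxAge must be greater than or equal to 0." + Environment.NewLine + "Parameter name: value",
        exception.Message);
}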
/// <summary>
/// With allow-any-origin and credentials both enabled, the engine echoes the request's
/// origin instead of emitting the "*" wildcard.
/// </summary>
public void EvaluatePolicy_AllowAnyOrigin_SupportsCredentials_AddsSpecificOrigin()
{
    var engine = new CorsEngine();
    var context = new CorsRequestContext();
    context.Origin = "foo";

    // NOTE(review): echoing whatever origin the caller sent together with credentials
    // grants every origin credentialed access; a policy with both flags set deserves review.
    var anyOriginWithCredentials = new CorsPolicy();
    anyOriginWithCredentials.AllowAnyOrigin = true;
    anyOriginWithCredentials.SupportsCredentials = true;

    CorsResult evaluation = engine.EvaluatePolicy(context, anyOriginWithCredentials);

    Assert.Equal("foo", evaluation.AllowedOrigin);
}
/// <summary>A policy that exposes no headers must yield a result with no exposed headers.</summary>
public void EvaluatePolicy_NoExposedHeaders_NoAllowExposedHeaders()
{
    var engine = new CorsEngine();
    var context = new CorsRequestContext();
    context.Origin = "foo";
    var anyOriginPolicy = new CorsPolicy();
    anyOriginPolicy.AllowAnyOrigin = true;

    CorsResult evaluation = engine.EvaluatePolicy(context, anyOriginPolicy);

    Assert.Empty(evaluation.AllowedExposedHeaders);
}
/// <summary>
/// An origin that is not on the policy's list must produce an invalid result with an
/// explanatory error message, i.e. the evaluation fails closed.
/// </summary>
public void EvaluatePolicy_NoMatchingOrigin_ReturnsInvalidResult()
{
    var engine = new CorsEngine();
    var context = new CorsRequestContext();
    context.Origin = "foo";
    var policy = new CorsPolicy { Origins = { "bar" } };

    CorsResult evaluation = engine.EvaluatePolicy(context, policy);

    Assert.False(evaluation.IsValid);
    Assert.Contains("The origin 'foo' is not allowed.", evaluation.ErrorMessages);
}
/// <summary>Allowed request headers must be written as a single comma-separated Access-Control-Allow-Headers header.</summary>
public void WriteCorsHeaders_WritesAllowHeaders()
{
    var httpResponse = new HttpResponseMessage();
    var result = new CorsResult();
    result.AllowedHeaders.Add("foo");
    result.AllowedHeaders.Add("bar");

    httpResponse.WriteCorsHeaders(result);

    var responseHeaders = httpResponse.Headers;
    Assert.Single(responseHeaders);
    string joinedValue = responseHeaders.GetValues("Access-Control-Allow-Headers").FirstOrDefault();
    string[] allowed = joinedValue.Split(',');
    Assert.Contains("foo", allowed);
    Assert.Contains("bar", allowed);
}
/// <summary>A policy that supports credentials must carry that flag over to the result.</summary>
public void EvaluatePolicy_SupportsCredentials_AllowCredentialsReturnsTrue()
{
    var engine = new CorsEngine();
    var context = new CorsRequestContext();
    context.Origin = "foo";
    var credentialedPolicy = new CorsPolicy();
    credentialedPolicy.AllowAnyOrigin = true;
    credentialedPolicy.SupportsCredentials = true;

    CorsResult evaluation = engine.EvaluatePolicy(context, credentialedPolicy);

    Assert.True(evaluation.SupportsCredentials);
}
/// <summary>A 30-second preflight max-age must be written as Access-Control-Max-Age: 30.</summary>
public void ApplyResult_PreflightMaxAge_MaxAgeHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult();
    corsResult.PreflightMaxAge = TimeSpan.FromSeconds(30);
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("30", context.Response.Headers["Access-Control-Max-Age"]);
}
/// <summary>Assigning a negative max-age must throw <see cref="ArgumentOutOfRangeException"/> naming "value".</summary>
public void SettingNegativePreflightMaxAge_Throws()
{
    // Arrange
    CorsResult corsResult = new CorsResult();
    Action assignNegativeMaxAge = () => { corsResult.PreflightMaxAge = TimeSpan.FromSeconds(-1); };

    // Act
    ArgumentOutOfRangeException thrown = Assert.Throws<ArgumentOutOfRangeException>(assignNegativeMaxAge);

    // Assert
    Assert.Equal(
        "PreflightMaxAge must be greater than or equal to 0. (Parameter 'value')",
        thrown.Message);
}
/// <summary>A single exposed header must be written to Access-Control-Expose-Headers.</summary>
public void ApplyResult_OneAllowExposedHeaders_ExposedHeadersHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult { AllowedExposedHeaders = { "foo" } };
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("foo", context.Response.Headers["Access-Control-Expose-Headers"]);
}
/// <summary>A single non-simple method must be written to Access-Control-Allow-Methods.</summary>
public void ApplyResult_OneAllowMethods_AllowMethodsHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult { AllowedMethods = { "PUT" } };
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("PUT", context.Response.Headers["Access-Control-Allow-Methods"]);
}
/// <summary>A request without an Origin header must be evaluated as invalid, with a message saying so.</summary>
public void EvaluatePolicy_NoOrigin_ReturnsInvalidResult()
{
    var engine = new CorsEngine();
    var context = new CorsRequestContext();
    context.Origin = null;
    context.HttpMethod = "GET";
    var emptyPolicy = new CorsPolicy();

    CorsResult evaluation = engine.EvaluatePolicy(context, emptyPolicy);

    Assert.False(evaluation.IsValid);
    Assert.Contains(
        "The request does not contain the Origin header.",
        evaluation.ErrorMessages);
}
/// <summary>The allowed origin must be copied verbatim into Access-Control-Allow-Origin.</summary>
public void ApplyResult_AllowOrigin_AllowOriginHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult();
    corsResult.AllowedOrigin = "http://example.com";
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("http://example.com", context.Response.Headers["Access-Control-Allow-Origin"]);
}
/// <summary>Without a preflight max-age, no Access-Control-Max-Age header may be emitted.</summary>
public void ApplyResult_NoPreflightMaxAge_MaxAgeHeaderNotAdded()
{
    // Arrange
    var corsResult = new CorsResult();
    corsResult.PreflightMaxAge = null;
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Max-Age", context.Response.Headers.Keys);
}
/// <summary>With no exposed headers on the result, no Access-Control-Expose-Headers header may be emitted.</summary>
public void ApplyResult_NoAllowExposedHeaders_ExposedHeadersHeaderNotAdded()
{
    // Arrange
    // AllowExposedHeaders is empty by default, so nothing is configured here.
    var corsResult = new CorsResult();
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Expose-Headers", context.Response.Headers.Keys);
}
/// <summary>When credentials are not supported, no Access-Control-Allow-Credentials header may be emitted.</summary>
public void ApplyResult_NoAllowCredentials_AllowCredentialsHeaderNotAdded()
{
    // Arrange
    var corsResult = new CorsResult();
    corsResult.SupportsCredentials = false;
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Allow-Credentials", context.Response.Headers.Keys);
}
/// <summary>A header exposed by the policy must appear, alone, in the result's exposed headers.</summary>
public void EvaluatePolicy_OneExposedHeaders_HeadersAllowed()
{
    var engine = new CorsEngine();
    var context = new CorsRequestContext();
    context.Origin = "foo";
    var policy = new CorsPolicy();
    policy.AllowAnyOrigin = true;
    policy.ExposedHeaders.Add("foo");

    CorsResult evaluation = engine.EvaluatePolicy(context, policy);

    Assert.Equal(1, evaluation.AllowedExposedHeaders.Count);
    Assert.Contains("foo", evaluation.AllowedExposedHeaders);
}
/// <summary>
/// A result flagged VaryByOrigin must add "Vary: Origin", which tells caches that the
/// response depends on the request's Origin header.
/// </summary>
public void ApplyResult_AddVaryHeader_VaryHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult();
    corsResult.VaryByOrigin = true;
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("Origin", context.Response.Headers["Vary"]);
}
/// <summary>
/// Evaluates the CORS policy for the request and adds the CORS response headers when the
/// evaluation succeeds. Preflight requests are answered here; other requests are passed on
/// to the rest of the message-handler pipeline.
/// </summary>
/// <param name="request">The incoming HTTP request.</param>
/// <param name="cancellationToken">Token forwarded to the inner handler and to the policy provider.</param>
/// <returns>
/// For a preflight request, a 200 response carrying the CORS headers or a 400 response listing
/// the evaluation errors; otherwise the pipeline's response, with CORS headers added only when
/// the evaluation is valid.
/// </returns>
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // Build the CorsRequestContext that describes the current request.
    CorsRequestContext corsContext = request.CreateCorsRequestContext();

    // Non-preflight requests go to the rest of the pipeline first, and its response is kept.
    // NOTE(review): the request is therefore processed before the policy is evaluated. The CORS
    // headers only decide whether a browser may read the response, so this handler is not a
    // substitute for server-side authorization or CSRF protection.
    HttpResponseMessage response = null;
    if (!corsContext.IsPreflight)
    {
        response = await base.SendAsync(request, cancellationToken);
    }

    // Use the registered CorsPolicyProviderFactory to get the matching CorsPolicyProvider,
    // then ask that provider for the CorsPolicy describing the resource's CORS authorization.
    // NOTE(review): neither the provider nor the policy is checked for null before use;
    // confirm the registered factory always supplies both.
    HttpConfiguration configuration = request.GetConfiguration();
    var providerFactory = configuration.GetCorsPolicyProviderFactory();
    var policyProvider = providerFactory.GetCorsPolicyProvider(request);
    CorsPolicy policy = await policyProvider.GetCorsPolicyAsync(request, cancellationToken);

    // Let the registered CorsEngine check the request against the policy; the outcome is a CorsResult.
    ICorsEngine corsEngine = configuration.GetCorsEngine();
    CorsResult evaluation = corsEngine.EvaluatePolicy(corsContext, policy);

    // Non-preflight request: CORS headers are added only when the evaluation succeeded.
    if (!corsContext.IsPreflight)
    {
        if (evaluation.IsValid)
        {
            response.AddCorsHeaders(evaluation);
        }

        return response;
    }

    // Preflight request that failed evaluation: "400, Bad Request" stating the reasons.
    if (!evaluation.IsValid)
    {
        return request.CreateErrorResponse(
            HttpStatusCode.BadRequest,
            string.Join(" |", evaluation.ErrorMessages.ToArray()));
    }

    // Preflight request that passed evaluation: "200, OK" carrying the CORS headers.
    response = new HttpResponseMessage(HttpStatusCode.OK);
    response.AddCorsHeaders(evaluation);
    return response;
}
/// <summary>
/// Of a mixed list, only the non-simple headers ("foo", "bar") may be listed in
/// Access-Control-Allow-Headers; "Content-Language" and "Accept" are left out.
/// </summary>
public void ToResponseHeaders_SomeSimpleAllowHeaders_AllowHeadersHeaderAddedForNonSimpleHeaders()
{
    var corsResult = new CorsResult
    {
        AllowedHeaders = { "Content-Language", "foo", "bar", "Accept" },
    };

    IDictionary<string, string> responseHeaders = corsResult.ToResponseHeaders();

    Assert.Contains("Access-Control-Allow-Headers", responseHeaders.Keys);
    var listed = responseHeaders["Access-Control-Allow-Headers"].Split(',');
    Assert.Equal(2, listed.Length);
    Assert.Contains("foo", listed);
    Assert.Contains("bar", listed);
}
/// <summary>Without an allowed origin, no Access-Control-Allow-Origin header may be emitted.</summary>
public void ApplyResult_NoAllowOrigin_AllowOriginHeaderNotAdded()
{
    // Arrange
    var corsResult = new CorsResult();
    corsResult.AllowedOrigin = null;
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Allow-Origin", context.Response.Headers.Keys);
}
/// <summary>Enabling credentials must write Access-Control-Allow-Credentials: true.</summary>
public void ApplyResult_AllowCredentials_AllowCredentialsHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult();
    corsResult.SupportsCredentials = true;
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    var context = new DefaultHttpContext();
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("true", context.Response.Headers["Access-Control-Allow-Credentials"]);
}
/// <summary>
/// A result flagged VaryByOrigin must add "Vary: Origin", which tells caches that the
/// response depends on the request's Origin header.
/// </summary>
public void ApplyResult_AddVaryHeader_VaryHeaderAdded()
{
    // Arrange
    CorsResult corsResult = new CorsResult();
    corsResult.VaryByOrigin = true;
    DefaultHttpContext context = new DefaultHttpContext();
    CorsService corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("Origin", context.Response.Headers["Vary"]);
}
/// <summary>The allowed origin must be copied verbatim into Access-Control-Allow-Origin.</summary>
public void ApplyResult_AllowOrigin_AllowOriginHeaderAdded()
{
    // Arrange
    CorsResult corsResult = new CorsResult();
    corsResult.AllowedOrigin = "http://example.com";
    DefaultHttpContext context = new DefaultHttpContext();
    CorsService corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("http://example.com", context.Response.Headers["Access-Control-Allow-Origin"]);
}
/// <summary>
/// Method matching is case-sensitive: a requested "post" does not match a policy entry
/// "POST", so validation fails and records one error.
/// </summary>
public void TryValidateMethod_DoesCaseSensitiveComparison()
{
    var engine = new CorsEngine();
    var policy = new CorsPolicy { Methods = { "POST" } };
    var corsResult = new CorsResult();
    var lowerCaseRequest = new CorsRequestContext();
    lowerCaseRequest.AccessControlRequestMethod = "post";

    bool accepted = engine.TryValidateMethod(lowerCaseRequest, policy, corsResult);

    Assert.False(accepted);
    Assert.Equal(1, corsResult.ErrorMessages.Count);
    Assert.Equal("The method 'post' is not allowed.", corsResult.ErrorMessages[0]);
}
/// <summary>
/// Origin matching is an exact, case-sensitive string comparison: a policy entry
/// "http://Example.com" does not admit the request origin "http://example.com".
/// </summary>
public void TryValidateOrigin_DoesCaseSensitiveComparison()
{
    var engine = new CorsEngine();

    // The mismatch fails closed, so policy entries have to be written exactly as the
    // Origin header will arrive.
    var policy = new CorsPolicy { Origins = { "http://Example.com" } };
    var corsResult = new CorsResult();
    var lowerCaseRequest = new CorsRequestContext();
    lowerCaseRequest.Origin = "http://example.com";

    bool accepted = engine.TryValidateOrigin(lowerCaseRequest, policy, corsResult);

    Assert.False(accepted);
    Assert.Equal(1, corsResult.ErrorMessages.Count);
    Assert.Equal("The origin 'http://example.com' is not allowed.", corsResult.ErrorMessages[0]);
}
/// <summary>
/// Of a mixed list, only the non-simple methods (PUT, DELETE) may be listed in
/// Access-Control-Allow-Methods; "get" and "POST" are left out.
/// </summary>
public void ToResponseHeaders_SomeSimpleAllowMethods_AllowMethodsHeaderAddedForNonSimpleMethods()
{
    var corsResult = new CorsResult
    {
        // "get" is lower-case on purpose: the test expects it to be dropped like "POST".
        AllowedMethods = { "PUT", "get", "DELETE", "POST" },
    };

    IDictionary<string, string> responseHeaders = corsResult.ToResponseHeaders();

    Assert.Contains("Access-Control-Allow-Methods", responseHeaders.Keys);
    var listed = responseHeaders["Access-Control-Allow-Methods"].Split(',');
    Assert.Equal(2, listed.Length);
    Assert.Contains("PUT", listed);
    Assert.Contains("DELETE", listed);
}
/// <summary>Several exposed headers must all be listed, comma-separated, in Access-Control-Expose-Headers.</summary>
public void ToResponseHeaders_ManyAllowExposedHeaders_ExposedHeadersHeaderAdded()
{
    var corsResult = new CorsResult
    {
        AllowedExposedHeaders = { "foo", "bar", "baz" },
    };

    IDictionary<string, string> responseHeaders = corsResult.ToResponseHeaders();

    Assert.Contains("Access-Control-Expose-Headers", responseHeaders.Keys);
    var listed = responseHeaders["Access-Control-Expose-Headers"].Split(',');
    Assert.Equal(3, listed.Length);
    Assert.Contains("foo", listed);
    Assert.Contains("bar", listed);
    Assert.Contains("baz", listed);
}
/// <inheritdoc />
public CorsResult EvaluatePolicy(HttpContext context, CorsPolicy policy)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    if (policy == null)
    {
        throw new ArgumentNullException(nameof(policy));
    }

    // A policy that both allows any origin and supports credentials is refused outright
    // as an insecure configuration, before the request is looked at.
    if (policy.AllowAnyOrigin && policy.SupportsCredentials)
    {
        throw new ArgumentException(Resources.InsecureConfiguration, nameof(policy));
    }

    var request = context.Request;
    var headers = request.Headers;
    var origin = headers.Origin;

    // A preflight request is an OPTIONS request that also carries the
    // Access-Control-Request-Method header; a bare OPTIONS request is only logged.
    var isOptions = HttpMethods.IsOptions(request.Method);
    var isPreflight = isOptions && headers.ContainsKey(CorsConstants.AccessControlRequestMethod);
    if (isOptions && !isPreflight)
    {
        _logger.IsNotPreflightRequest();
    }

    var result = new CorsResult
    {
        IsPreflightRequest = isPreflight,
        IsOriginAllowed = IsOriginAllowed(policy, origin),
    };

    // The remaining fields of the result are filled in by the matching helper.
    if (!isPreflight)
    {
        EvaluateRequest(context, policy, result);
    }
    else
    {
        EvaluatePreflightRequest(context, policy, result);
    }

    return result;
}
/// <summary>ToString must render every property of the result, including validity and the error messages.</summary>
public void ToString_ReturnsThePropertyValues()
{
    var result = new CorsResult();
    result.SupportsCredentials = true;
    result.PreflightMaxAge = 20;
    result.AllowedOrigin = "*";
    result.AllowedExposedHeaders.Add("foo");
    result.AllowedHeaders.Add("bar");
    result.AllowedHeaders.Add("baz");
    result.AllowedMethods.Add("GET");

    // Two recorded errors are what make IsValid render as False below.
    result.ErrorMessages.Add("error1");
    result.ErrorMessages.Add("error2");

    string rendered = result.ToString();

    Assert.Equal(@"IsValid: False, AllowCredentials: True, PreflightMaxAge: 20, AllowOrigin: *, AllowExposedHeaders: {foo}, AllowHeaders: {bar,baz}, AllowMethods: {GET}, ErrorMessages: {error1,error2}", rendered);
}
/// <summary>
/// For an allowed origin on a preflight request, a 30-second max-age must be written as
/// Access-Control-Max-Age: 30.
/// </summary>
public void ApplyResult_PreflightMaxAge_MaxAgeHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult();
    corsResult.IsOriginAllowed = true;
    corsResult.IsPreflightRequest = true;
    corsResult.PreflightMaxAge = TimeSpan.FromSeconds(30);
    var context = new DefaultHttpContext();
    var corsService = GetCorsService();

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("30", context.Response.Headers["Access-Control-Max-Age"]);
}
/// <summary>For an allowed origin, a single exposed header must be written to Access-Control-Expose-Headers.</summary>
public void ApplyResult_OneAllowExposedHeaders_ExposedHeadersHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult();
    corsResult.IsOriginAllowed = true;
    corsResult.AllowedExposedHeaders.Add("foo");
    var context = new DefaultHttpContext();
    var corsService = GetCorsService();

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("foo", context.Response.Headers["Access-Control-Expose-Headers"]);
}
/// <summary>ToString must render the credentials flag, max-age in seconds, origin and the three allow-lists.</summary>
public void ToString_ReturnsThePropertyValues()
{
    // Arrange
    var source = new CorsResult
    {
        SupportsCredentials = true,
        PreflightMaxAge = TimeSpan.FromSeconds(30),
        AllowedOrigin = "*",
        AllowedExposedHeaders = { "foo" },
        AllowedHeaders = { "bar", "baz" },
        AllowedMethods = { "GET" },
    };

    // Act
    string rendered = source.ToString();

    // Assert
    Assert.Equal(
        @"AllowCredentials: True, PreflightMaxAge: 30, AllowOrigin: *," +
        " AllowExposedHeaders: {foo}, AllowHeaders: {bar,baz}, AllowMethods: {GET}",
        rendered);
}
/// <summary>
/// Several exposed headers must be written as one Access-Control-Expose-Headers header whose
/// single value is the comma-joined list.
/// </summary>
public void ApplyResult_ManyAllowExposedHeaders_ExposedHeadersHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult
    {
        AllowedExposedHeaders = { "foo", "bar", "baz" },
    };
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    var responseHeaders = context.Response.Headers;
    Assert.Contains("Access-Control-Expose-Headers", responseHeaders.Keys);

    // Exactly one header value exists, and it is the joined list.
    var onlyValue = Assert.Single(responseHeaders.Values);
    Assert.Equal(new[] { "foo,bar,baz" }, onlyValue);

    string[] listed = responseHeaders["Access-Control-Expose-Headers"].Split(',');
    Assert.Equal(3, listed.Length);
    Assert.Contains("foo", listed);
    Assert.Contains("bar", listed);
    Assert.Contains("baz", listed);
}
/// <summary>With no allowed methods on the result, no Access-Control-Allow-Methods header may be emitted.</summary>
public void ApplyResult_NoAllowMethods_AllowMethodsHeaderNotAdded()
{
    // Arrange
    // AllowMethods is empty by default, so nothing is configured here.
    var corsResult = new CorsResult();
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Allow-Methods", context.Response.Headers.Keys);
}
/// <summary>Without an allowed origin, no Access-Control-Allow-Origin header may be emitted.</summary>
public void ApplyResult_NoAllowOrigin_AllowOriginHeaderNotAdded()
{
    // Arrange
    CorsResult corsResult = new CorsResult();
    corsResult.AllowedOrigin = null;
    DefaultHttpContext context = new DefaultHttpContext();
    CorsService corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Allow-Origin", context.Response.Headers.Keys);
}
/// <summary>Without a preflight max-age, no Access-Control-Max-Age header may be emitted.</summary>
public void ApplyResult_NoPreflightMaxAge_MaxAgeHeaderNotAdded()
{
    // Arrange
    CorsResult corsResult = new CorsResult();
    corsResult.PreflightMaxAge = null;
    DefaultHttpContext context = new DefaultHttpContext();
    CorsService corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Max-Age", context.Response.Headers.Keys);
}
/// <summary>
/// Several allowed request headers must be written as one Access-Control-Allow-Headers header
/// whose single value is the comma-joined list.
/// </summary>
public void ApplyResult_ManyAllowHeaders_AllowHeadersHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult
    {
        AllowedHeaders = { "foo", "bar", "baz" },
    };
    var context = new DefaultHttpContext();
    var corsService = new CorsService(new TestCorsOptions());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    var responseHeaders = context.Response.Headers;
    Assert.Contains("Access-Control-Allow-Headers", responseHeaders.Keys);

    // Exactly one header value exists, and it is the joined list.
    var onlyValue = Assert.Single(responseHeaders.Values);
    Assert.Equal(new[] { "foo,bar,baz" }, onlyValue);

    string[] listed = responseHeaders.GetCommaSeparatedValues("Access-Control-Allow-Headers");
    Assert.Equal(3, listed.Length);
    Assert.Contains("foo", listed);
    Assert.Contains("bar", listed);
    Assert.Contains("baz", listed);
}
/// <summary>A single non-simple method must be written to Access-Control-Allow-Methods.</summary>
public void ApplyResult_OneAllowMethods_AllowMethodsHeaderAdded()
{
    // Arrange
    CorsResult corsResult = new CorsResult { AllowedMethods = { "PUT" } };
    DefaultHttpContext context = new DefaultHttpContext();
    CorsService corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("PUT", context.Response.Headers["Access-Control-Allow-Methods"]);
}
/// <summary>A single exposed header must be written to Access-Control-Expose-Headers.</summary>
public void ApplyResult_OneAllowExposedHeaders_ExposedHeadersHeaderAdded()
{
    // Arrange
    CorsResult corsResult = new CorsResult { AllowedExposedHeaders = { "foo" } };
    DefaultHttpContext context = new DefaultHttpContext();
    CorsService corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("foo", context.Response.Headers["Access-Control-Expose-Headers"]);
}
/// <summary>When credentials are not supported, no Access-Control-Allow-Credentials header may be emitted.</summary>
public void ApplyResult_NoAllowCredentials_AllowCredentialsHeaderNotAdded()
{
    // Arrange
    CorsResult corsResult = new CorsResult();
    corsResult.SupportsCredentials = false;
    DefaultHttpContext context = new DefaultHttpContext();
    CorsService corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Allow-Credentials", context.Response.Headers.Keys);
}
/// <summary>A 30-second preflight max-age must be written as Access-Control-Max-Age: 30.</summary>
public void ApplyResult_PreflightMaxAge_MaxAgeHeaderAdded()
{
    // Arrange
    CorsResult corsResult = new CorsResult();
    corsResult.PreflightMaxAge = TimeSpan.FromSeconds(30);
    DefaultHttpContext context = new DefaultHttpContext();
    CorsService corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("30", context.Response.Headers["Access-Control-Max-Age"]);
}
/// <summary>When only simple methods (GET, HEAD, POST) are allowed, no Access-Control-Allow-Methods header may be emitted.</summary>
public void ApplyResult_SimpleAllowMethods_AllowMethodsHeaderNotAdded()
{
    // Arrange
    var corsResult = new CorsResult
    {
        AllowedMethods = { "GET", "HEAD", "POST" },
    };
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Allow-Methods", context.Response.Headers.Keys);
}
/// <summary>
/// When only simple request headers (Accept, Accept-Language, Content-Language) are allowed,
/// no Access-Control-Allow-Headers header may be emitted.
/// </summary>
public void ApplyResult_SimpleAllowHeaders_AllowHeadersHeaderNotAdded()
{
    // Arrange
    var corsResult = new CorsResult
    {
        AllowedHeaders = { "Accept", "Accept-Language", "Content-Language" },
    };
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Allow-Headers", context.Response.Headers.Keys);
}
/// <summary>Applying a default result must leave the response without any header.</summary>
public void ApplyResult_ReturnsNoHeaders_ByDefault()
{
    // Arrange
    CorsResult corsResult = new CorsResult();
    DefaultHttpContext context = new DefaultHttpContext();
    CorsService corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Empty(context.Response.Headers);
}
/// <summary>
/// Of a mixed list, only the non-simple headers ("foo", "bar") may be listed in
/// Access-Control-Allow-Headers; "Content-Language" and "Accept" are left out.
/// </summary>
public void ApplyResult_SomeSimpleAllowHeaders_AllowHeadersHeaderAddedForNonSimpleHeaders()
{
    // Arrange
    var corsResult = new CorsResult
    {
        AllowedHeaders = { "Content-Language", "foo", "bar", "Accept" },
    };
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Contains("Access-Control-Allow-Headers", context.Response.Headers.Keys);
    string[] listed = context.Response.Headers["Access-Control-Allow-Headers"].Split(',');
    Assert.Equal(2, listed.Length);
    Assert.Contains("foo", listed);
    Assert.Contains("bar", listed);
}
/// <summary>With no exposed headers on the result, no Access-Control-Expose-Headers header may be emitted.</summary>
public void ApplyResult_NoAllowExposedHeaders_ExposedHeadersHeaderNotAdded()
{
    // Arrange
    // AllowExposedHeaders is empty by default, so nothing is configured here.
    var corsResult = new CorsResult();
    var context = new DefaultHttpContext();
    var corsService = new CorsService(new TestCorsOptions());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.DoesNotContain("Access-Control-Expose-Headers", context.Response.Headers.Keys);
}
/// <summary>
/// Of a mixed list, only the non-simple methods (PUT, DELETE) may be written, as one
/// Access-Control-Allow-Methods header; "get" and "POST" are left out.
/// </summary>
public void ApplyResult_SomeSimpleAllowMethods_AllowMethodsHeaderAddedForNonSimpleMethods()
{
    // Arrange
    var corsResult = new CorsResult
    {
        // "get" is lower-case on purpose: the test expects it to be dropped like "POST".
        AllowedMethods = { "PUT", "get", "DELETE", "POST" },
    };
    var context = new DefaultHttpContext();
    var corsService = new CorsService(Mock.Of<IOptions<CorsOptions>>());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Contains("Access-Control-Allow-Methods", context.Response.Headers.Keys);

    // Exactly one header value exists, and it is the joined list.
    var onlyValue = Assert.Single(context.Response.Headers.Values);
    Assert.Equal(new[] { "PUT,DELETE" }, onlyValue);

    var listed = context.Response.Headers["Access-Control-Allow-Methods"].Split(',');
    Assert.Equal(2, listed.Length);
    Assert.Contains("PUT", listed);
    Assert.Contains("DELETE", listed);
}
/// <summary>A single non-simple request header must be written to Access-Control-Allow-Headers.</summary>
public void ApplyResult_OneAllowHeaders_AllowHeadersHeaderAdded()
{
    // Arrange
    var corsResult = new CorsResult { AllowedHeaders = { "foo" } };
    var context = new DefaultHttpContext();
    var corsService = new CorsService(new TestCorsOptions());

    // Act
    corsService.ApplyResult(corsResult, context.Response);

    // Assert
    Assert.Equal("foo", context.Response.Headers["Access-Control-Allow-Headers"]);
}