Example #1
0
        public async Task Cors_HttpContext_PolicyNotFound()
        {
            var cpp = new SnCorsPolicyProvider(null);
            var hc  = new DefaultHttpContext();

            // no origin header
            Assert.IsNull(await cpp.GetPolicyAsync(hc, "sensenet"));

            // no policy name
            hc = new DefaultHttpContext();
            hc.Request.Headers.Add("Origin", "abc");
            Assert.IsNull(await cpp.GetPolicyAsync(hc, null));

            // unknown policy name
            Assert.IsNull(await cpp.GetPolicyAsync(hc, "other"));
        }
Example #2
0
        public async Task Cors_HttpContext_PolicyFound()
        {
            await Test(async() =>
            {
                // default settings support localhost and sensenet.com
                var p = await AssertOriginPrivate("localhost", true);
                Assert.IsTrue(p.SupportsCredentials);
                p = await AssertOriginPrivate("localhost:123", true);
                Assert.IsTrue(p.SupportsCredentials);
                p = await AssertOriginPrivate("example.sensenet.com", true);
                Assert.IsTrue(p.SupportsCredentials);

                await AssertOriginPrivate("sensenet.com", false);
                await AssertOriginPrivate("example.com", false);
            });

            async Task <CorsPolicy> AssertOriginPrivate(string origin, bool expected)
            {
                var cpp     = new SnCorsPolicyProvider(null);
                var context = new DefaultHttpContext();

                context.Request.Headers["Origin"] = origin;
                var p = await cpp.GetPolicyAsync(context, SnCorsPolicyProvider.DefaultSenseNetCorsPolicyName);

                Assert.AreEqual(expected, p.Origins.Contains(origin));

                return(p);
            }
        }
Example #3
0
        public async Task Cors_HttpContext_PolicyFound()
        {
            await Test(async() =>
            {
                // set allowed domains for test
                var setting = await Node.LoadAsync <Settings>(
                    RepositoryPath.Combine(Repository.SettingsFolderPath, "Portal.settings"), CancellationToken.None);
                var currentSettingText = RepositoryTools.GetStreamString(setting.Binary.GetStream());
                var newSettingText     = EditJson(currentSettingText, @"
{
""AllowedOriginDomains"": [
    ""localhost:*"",
    ""*.sensenet.com""
  ]
}
");
                setting.Binary.SetStream(RepositoryTools.GetStreamFromString(newSettingText));
                setting.Save(SavingMode.KeepVersion);

                // default settings support localhost and sensenet.com
                var p = await AssertOriginPrivate("localhost", true);
                Assert.IsTrue(p.SupportsCredentials);
                p = await AssertOriginPrivate("localhost:123", true);
                Assert.IsTrue(p.SupportsCredentials);
                p = await AssertOriginPrivate("example.sensenet.com", true);
                Assert.IsTrue(p.SupportsCredentials);

                await AssertOriginPrivate("sensenet.com", false);
                await AssertOriginPrivate("example.com", false);
            });

            async Task <CorsPolicy> AssertOriginPrivate(string origin, bool expected)
            {
                var cpp     = new SnCorsPolicyProvider(null);
                var context = new DefaultHttpContext();

                context.Request.Headers["Origin"] = origin;
                var p = await cpp.GetPolicyAsync(context, SnCorsPolicyProvider.DefaultSenseNetCorsPolicyName);

                Assert.AreEqual(expected, p.Origins.Contains(origin));

                return(p);
            }
        }