public async Task DisableCors_DoesNotShortCircuitsRequest_IfNoAccessControlRequestMethodFound()
{
// Arrange
var filter = new DisableCorsAuthorizationFilter();
var httpContext = new DefaultHttpContext();
httpContext.Request.Method = "OPTIONS";
httpContext.Request.Headers.Add(CorsConstants.Origin, "http://localhost:5000/");
var authorizationFilterContext = new AuthorizationFilterContext(
new ActionContext(httpContext, new RouteData(), new ActionDescriptor()),
new List <IFilterMetadata>());
// Act
await filter.OnAuthorizationAsync(authorizationFilterContext);
// Assert
Assert.Null(authorizationFilterContext.Result);
}
public async Task DisableCors_CaseInsensitivePreflightMethod_ShortCircuitsRequest(string preflightMethod)
{
// Arrange
var filter = new DisableCorsAuthorizationFilter();
var httpContext = new DefaultHttpContext();
httpContext.Request.Method = preflightMethod;
httpContext.Request.Headers.Add(CorsConstants.Origin, "http://localhost:5000/");
httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, "PUT");
var authorizationFilterContext = new AuthorizationFilterContext(
new ActionContext(httpContext, new RouteData(), new ActionDescriptor()),
new List <IFilterMetadata>());
// Act
await filter.OnAuthorizationAsync(authorizationFilterContext);
// Assert
var statusCodeResult = Assert.IsType <StatusCodeResult>(authorizationFilterContext.Result);
Assert.Equal(StatusCodes.Status204NoContent, statusCodeResult.StatusCode);
}
