public async Task DisableCors_DoesNotShortCircuitsRequest_IfNoAccessControlRequestMethodFound() { // Arrange var filter = new DisableCorsAuthorizationFilter(); var httpContext = new DefaultHttpContext(); httpContext.Request.Method = "OPTIONS"; httpContext.Request.Headers.Add(CorsConstants.Origin, "http://localhost:5000/"); var authorizationFilterContext = new AuthorizationFilterContext( new ActionContext(httpContext, new RouteData(), new ActionDescriptor()), new List <IFilterMetadata>()); // Act await filter.OnAuthorizationAsync(authorizationFilterContext); // Assert Assert.Null(authorizationFilterContext.Result); }
public async Task DisableCors_CaseInsensitivePreflightMethod_ShortCircuitsRequest(string preflightMethod) { // Arrange var filter = new DisableCorsAuthorizationFilter(); var httpContext = new DefaultHttpContext(); httpContext.Request.Method = preflightMethod; httpContext.Request.Headers.Add(CorsConstants.Origin, "http://localhost:5000/"); httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, "PUT"); var authorizationFilterContext = new AuthorizationFilterContext( new ActionContext(httpContext, new RouteData(), new ActionDescriptor()), new List <IFilterMetadata>()); // Act await filter.OnAuthorizationAsync(authorizationFilterContext); // Assert var statusCodeResult = Assert.IsType <StatusCodeResult>(authorizationFilterContext.Result); Assert.Equal(StatusCodes.Status204NoContent, statusCodeResult.StatusCode); }