public void GetCorsPolicyProvider_NullRequest_Throws()
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
Assert.ThrowsArgumentNull(() => providerFactory.GetCorsPolicyProvider(null), "request");
}
public void GetCorsPolicyProvider_Preflight_ReturnsDefaultPolicyProvider_WhenActionSelectionFails()
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
ICorsPolicyProvider mockProvider = new Mock <ICorsPolicyProvider>().Object;
providerFactory.DefaultPolicyProvider = mockProvider;
HttpRequestMessage request = new HttpRequestMessage(
HttpMethod.Options,
"http://localhost/sample"
);
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
IHttpRoute route = config.Routes.MapHttpRoute(
"default",
"{controller}/{id}",
new { id = RouteParameter.Optional }
);
request.SetRouteData(route.GetRouteData("/", request));
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
Assert.Same(mockProvider, provider);
}
public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnController()
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage();
Func <string> action = new SampleController().Get;
HttpControllerDescriptor controllerDescriptor = new HttpControllerDescriptor
{
ControllerName = "Sample",
ControllerType = typeof(SampleController)
};
request.SetActionDescriptor(
new ReflectedHttpActionDescriptor
{
MethodInfo = action.Method,
ControllerDescriptor = controllerDescriptor
}
);
request.Headers.Add("Origin", "http://example.com");
ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);
Assert.NotNull(policyProvider);
Assert.IsType <EnableCorsAttribute>(policyProvider);
}
public void GetCorsPolicyProvider_Preflight_NoHttpConfiguration_Throws()
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
// No HttpConfiguration set on the request.
HttpRequestMessage request = new HttpRequestMessage(
HttpMethod.Options,
"http://localhost/sample"
);
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
HttpConfiguration config = new HttpConfiguration();
IHttpRoute route = config.Routes.MapHttpRoute(
"default",
"{controller}/{id}",
new { id = RouteParameter.Optional }
);
request.SetRouteData(route.GetRouteData("/", request));
Assert.Throws <InvalidOperationException>(
() => providerFactory.GetCorsPolicyProvider(request),
"The request does not have an associated configuration object."
);
}
public void GetCorsPolicyProvider_Preflight_ReturnsExpectedPolicyProvider(
string httpMethod,
string path,
Type expectedProviderType
)
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(
HttpMethod.Options,
"http://localhost/sample" + path
);
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, httpMethod);
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
IHttpRoute route = config.Routes.MapHttpRoute(
"default",
"{controller}/{id}",
new { id = RouteParameter.Optional }
);
request.SetRouteData(route.GetRouteData("/", request));
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
Assert.IsType(expectedProviderType, provider);
}
public void GetCorsPolicyProvider_Preflight_DisposesControllerAfterActionSelection()
{
// Arrange
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST");
HttpConfiguration config = new HttpConfiguration();
HttpControllerContext controllerContext = null;
var actionSelector = new Mock<IHttpActionSelector>();
actionSelector.Setup(s => s.SelectAction(It.IsAny<HttpControllerContext>()))
.Callback<HttpControllerContext>(context =>
{
Assert.False(((SampleController)context.Controller).Disposed);
controllerContext = context;
});
config.Services.Replace(typeof(IHttpActionSelector), actionSelector.Object);
request.SetConfiguration(config);
IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
request.SetRouteData(route.GetRouteData("/", request));
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
// Assert
Assert.True(((SampleController)controllerContext.Controller).Disposed);
}
public void GetCorsPolicyProvider_Preflight_DisposesControllerAfterActionSelection()
{
// Arrange
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "POST");
HttpConfiguration config = new HttpConfiguration();
HttpControllerContext controllerContext = null;
var actionSelector = new Mock <IHttpActionSelector>();
actionSelector.Setup(s => s.SelectAction(It.IsAny <HttpControllerContext>()))
.Callback <HttpControllerContext>(context =>
{
Assert.False(((SampleController)context.Controller).Disposed);
controllerContext = context;
});
config.Services.Replace(typeof(IHttpActionSelector), actionSelector.Object);
request.SetConfiguration(config);
IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
request.SetRouteData(route.GetRouteData("/", request));
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
// Assert
Assert.True(((SampleController)controllerContext.Controller).Disposed);
}
public static void Register(HttpConfiguration config)
{
config.EnableCors();
// Web API routes
config.EnableSystemDiagnosticsTracing().IsVerbose = true;
config.MapHttpAttributeRoutes();
var defaultPolicyProvider = new EnableCorsAttribute("*", "*", "*");
defaultPolicyProvider.SupportsCredentials = true; //important if you are sending cookies
AttributeBasedPolicyProviderFactory policyProviderFactory = new AttributeBasedPolicyProviderFactory();
policyProviderFactory.DefaultPolicyProvider = defaultPolicyProvider;
config.SetCorsPolicyProviderFactory(policyProviderFactory);
config.Routes.MapHttpRoute(
name: "BatchApi",
routeTemplate: "api/batch",
defaults: null,
constraints: null,
handler: new DefaultHttpBatchHandler(GlobalConfiguration.DefaultServer));
config.Routes.MapHttpRoute(
name: "DefaultApi",
routeTemplate: "api/{controller}/{id}",
defaults: new { id = RouteParameter.Optional },
constraints: null,
handler: new CorsMessageHandler(config) { InnerHandler = new HttpControllerDispatcher(config) }
);
}
public void GetCorsPolicyProvider_NullRequest_Throws()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
Assert.ThrowsArgumentNull(() =>
providerFactory.GetCorsPolicyProvider(null),
"request");
}
public void GetCorsPolicyProvider_Preflight_Throws_WhenNoDefaultPolicyProviderAndActionSelectionFails()
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(
HttpMethod.Options,
"http://localhost/sample"
);
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
IHttpRoute route = config.Routes.MapHttpRoute(
"default",
"{controller}/{id}",
new { id = RouteParameter.Optional }
);
request.SetRouteData(route.GetRouteData("/", request));
Assert.True(request.GetCorsRequestContext().IsPreflight);
Assert.Throws <HttpResponseException>(
() => providerFactory.GetCorsPolicyProvider(request)
);
}
public void GetCorsPolicyProvider_Preflight_ReturnsPolicyProviderUsingPerControllerConfiguration()
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(
HttpMethod.Options,
"http://localhost/percontrollerconfig"
);
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "httpmethod");
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
config.Routes.MapHttpRoute(
"default",
"{controller}/{id}",
new { id = RouteParameter.Optional }
);
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
EnableCorsAttribute enableCorsAttribute = Assert.IsType <EnableCorsAttribute>(provider);
string origin = Assert.Single(enableCorsAttribute.Origins);
Assert.Equal("http://example.com", origin);
}
public void GetCorsPolicyProvider_Preflight_NoRouteData_ReturnsNull()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
// No RouteData set on the request.
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
var provider = providerFactory.GetCorsPolicyProvider(request);
Assert.Null(provider);
}
public void GetCorsPolicyProvider_Preflight_NoRouteData_Throws()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
// No RouteData set on the request.
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
HttpConfiguration config = new HttpConfiguration();
request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config;
Assert.Throws<InvalidOperationException>(() =>
providerFactory.GetCorsPolicyProvider(request),
"No route data was found for this request.");
}
public void GetCorsPolicyProvider_Preflight_ReturnsExpectedPolicyProvider(string httpMethod, string path, Type expectedProviderType)
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample" + path);
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, httpMethod);
HttpConfiguration config = new HttpConfiguration();
request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config;
IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request);
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
Assert.IsType(expectedProviderType, provider);
}
public void GetCorsPolicyProvider_Preflight_NoHttpConfiguration_Throws()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
// No HttpConfiguration set on the request.
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
HttpConfiguration config = new HttpConfiguration();
IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request);
Assert.Throws<InvalidOperationException>(() =>
providerFactory.GetCorsPolicyProvider(request),
"The request does not have an associated configuration object.");
}
/// <summary>
/// Enables the support for CORS.
/// </summary>
/// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param>
/// <param name="defaultPolicyProvider">The default <see cref="ICorsPolicyProvider"/>.</param>
/// <exception cref="System.ArgumentNullException">httpConfiguration</exception>
public static void EnableCors(this HttpConfiguration httpConfiguration, ICorsPolicyProvider defaultPolicyProvider)
{
if (httpConfiguration == null)
{
throw new ArgumentNullException("httpConfiguration");
}
if (defaultPolicyProvider != null)
{
AttributeBasedPolicyProviderFactory policyProviderFactory = new AttributeBasedPolicyProviderFactory();
policyProviderFactory.DefaultPolicyProvider = defaultPolicyProvider;
httpConfiguration.SetCorsPolicyProviderFactory(policyProviderFactory);
}
AddCorsMessageHandler(httpConfiguration);
}
/// <summary>
/// Enables the support for CORS.
/// </summary>
/// <param name="httpConfiguration">The <see cref="HttpConfiguration"/>.</param>
/// <param name="defaultPolicyProvider">The default <see cref="ICorsPolicyProvider"/>.</param>
/// <exception cref="System.ArgumentNullException">httpConfiguration</exception>
public static void EnableCors(this HttpConfiguration httpConfiguration, ICorsPolicyProvider defaultPolicyProvider)
{
if (httpConfiguration == null)
{
throw new ArgumentNullException("httpConfiguration");
}
if (defaultPolicyProvider != null)
{
AttributeBasedPolicyProviderFactory policyProviderFactory = new AttributeBasedPolicyProviderFactory();
policyProviderFactory.DefaultPolicyProvider = defaultPolicyProvider;
httpConfiguration.SetCorsPolicyProviderFactory(policyProviderFactory);
}
AddCorsMessageHandler(httpConfiguration);
}
public void GetCorsPolicyProvider_Preflight_NoRouteData_ReturnsNull()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
// No RouteData set on the request.
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
var provider = providerFactory.GetCorsPolicyProvider(request);
Assert.Null(provider);
}
public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnAction()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage();
Func <string> action = new SampleController().Post;
request.SetActionDescriptor(new ReflectedHttpActionDescriptor
{
MethodInfo = action.Method
});
request.Headers.Add("Origin", "http://example.com");
ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);
Assert.NotNull(policyProvider);
Assert.IsType(typeof(DisableCorsAttribute), policyProvider);
}
public void GetCorsPolicyProvider_Preflight_NoRouteData_Throws()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
// No RouteData set on the request.
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
HttpConfiguration config = new HttpConfiguration();
request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config;
Assert.Throws <InvalidOperationException>(() =>
providerFactory.GetCorsPolicyProvider(request),
"No route data was found for this request.");
}
public void GetCorsPolicyProvider_Preflight_ReturnsDefaultPolicyProvider_WhenActionSelectionFails()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
ICorsPolicyProvider mockProvider = new Mock<ICorsPolicyProvider>().Object;
providerFactory.DefaultPolicyProvider = mockProvider;
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
HttpConfiguration config = new HttpConfiguration();
request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config;
IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request);
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
Assert.Same(mockProvider, provider);
}
public void GetCorsPolicyProvider_ReturnsDefaultPolicyProvider()
{
ICorsPolicyProvider mockProvider = new Mock <ICorsPolicyProvider>().Object;
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
providerFactory.DefaultPolicyProvider = mockProvider;
HttpRequestMessage request = new HttpRequestMessage();
Func <string> action = new DefaultController().Get;
request.SetActionDescriptor(new ReflectedHttpActionDescriptor
{
MethodInfo = action.Method
});
request.Headers.Add("Origin", "http://example.com");
ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);
Assert.Same(mockProvider, policyProvider);
}
public void GetCorsPolicyProvider_Preflight_DoesNotUseRouteDataOnTheRequest()
{
AttributeBasedPolicyProviderFactory providerFactory =
new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(
HttpMethod.Options,
"http://localhost/sample"
);
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "Put");
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
var route = config.Routes.MapHttpRoute(
"default",
"{controller}/{id}",
new { id = RouteParameter.Optional }
);
request.SetRouteData(
new HttpRouteData(
route,
new HttpRouteValueDictionary(
new { action = "Options", controller = "sample", id = 2 }
)
)
);
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
EnableCorsAttribute enableCorsAttribute = Assert.IsType <EnableCorsAttribute>(provider);
Assert.Equal(2, enableCorsAttribute.Origins.Count());
Assert.Equal("http://example.com", enableCorsAttribute.Origins[0]);
Assert.Equal("http://localhost", enableCorsAttribute.Origins[1]);
}
public void GetCorsPolicyProvider_Preflight_Throws_WhenNoDefaultPolicyProviderAndActionSelectionFails()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod");
HttpConfiguration config = new HttpConfiguration();
request.Properties[HttpPropertyKeys.HttpConfigurationKey] = config;
IHttpRoute route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
request.Properties[HttpPropertyKeys.HttpRouteDataKey] = route.GetRouteData("/", request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
Assert.Throws<HttpResponseException>(() =>
providerFactory.GetCorsPolicyProvider(request));
}
public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnController()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage();
Func<string> action = new SampleController().Get;
HttpControllerDescriptor controllerDescriptor = new HttpControllerDescriptor
{
ControllerName = "Sample",
ControllerType = typeof(SampleController)
};
request.SetActionDescriptor(new ReflectedHttpActionDescriptor
{
MethodInfo = action.Method,
ControllerDescriptor = controllerDescriptor
});
request.Headers.Add("Origin", "http://example.com");
ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);
Assert.NotNull(policyProvider);
Assert.IsType(typeof(EnableCorsAttribute), policyProvider);
}
public void GetCorsPolicyProvider_Preflight_ReturnsPolicyProviderUsingPerControllerConfiguration()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/percontrollerconfig");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "httpmethod");
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
EnableCorsAttribute enableCorsAttribute = Assert.IsType<EnableCorsAttribute>(provider);
Assert.Equal(1, enableCorsAttribute.Origins.Count());
Assert.Equal("http://example.com", enableCorsAttribute.Origins.First());
}
public void GetCorsPolicyProvider_ReturnsPolicyProvider_OnAction()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage();
Func<string> action = new SampleController().Post;
request.Properties[HttpPropertyKeys.HttpActionDescriptorKey] = new ReflectedHttpActionDescriptor
{
MethodInfo = action.Method
};
request.Headers.Add("Origin", "http://example.com");
ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);
Assert.NotNull(policyProvider);
Assert.IsType(typeof(DisableCorsAttribute), policyProvider);
}
public void GetCorsPolicyProvider_Preflight_DoesNotUseRouteDataOnTheRequest()
{
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample");
request.Headers.Add("Origin", "http://localhost");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "Put");
HttpConfiguration config = new HttpConfiguration();
request.SetConfiguration(config);
var route = config.Routes.MapHttpRoute("default", "{controller}/{id}", new { id = RouteParameter.Optional });
request.SetRouteData(new HttpRouteData(route, new HttpRouteValueDictionary(new { action = "Options", controller = "sample", id = 2 })));
ICorsPolicyProvider provider = providerFactory.GetCorsPolicyProvider(request);
Assert.True(request.GetCorsRequestContext().IsPreflight);
EnableCorsAttribute enableCorsAttribute = Assert.IsType<EnableCorsAttribute>(provider);
Assert.Equal(2, enableCorsAttribute.Origins.Count());
Assert.Equal("http://example.com", enableCorsAttribute.Origins[0]);
Assert.Equal("http://localhost", enableCorsAttribute.Origins[1]);
}
public void GetCorsPolicyProvider_ReturnsDefaultPolicyProvider()
{
ICorsPolicyProvider mockProvider = new Mock<ICorsPolicyProvider>().Object;
AttributeBasedPolicyProviderFactory providerFactory = new AttributeBasedPolicyProviderFactory();
providerFactory.DefaultPolicyProvider = mockProvider;
HttpRequestMessage request = new HttpRequestMessage();
Func<string> action = new DefaultController().Get;
request.Properties[HttpPropertyKeys.HttpActionDescriptorKey] = new ReflectedHttpActionDescriptor
{
MethodInfo = action.Method
};
request.Headers.Add("Origin", "http://example.com");
ICorsPolicyProvider policyProvider = providerFactory.GetCorsPolicyProvider(request);
Assert.Same(mockProvider, policyProvider);
}
