public void Should_get_cors_config_from_attributes_applied_to_action()
{
var policy = new CorsAttributePolicySource(new ActionDescriptor(
ActionMethod.From <ActionAttributesHandler>(x => x.Get()),
null, null, null, null, null, null, null, new TypeCache())).CreatePolicy();
policy.AllowOptionRequestsToPassThrough.ShouldBeTrue();
policy.AllowRequestsWithoutOriginHeader.ShouldBeFalse();
policy.AllowRequestsThatFailCors.ShouldBeFalse();
policy.AllowAnyHeader.ShouldBeTrue();
policy.AllowAnyMethod.ShouldBeTrue();
policy.AllowAnyOrigin.ShouldBeTrue();
policy.PreflightMaxAge.ShouldEqual(50);
policy.SupportsCredentials.ShouldBeTrue();
policy.ExposedHeaders.ShouldOnlyContain("exposed-header1", "exposed-header2");
policy.Headers.ShouldOnlyContain("allowed-header1", "allowed-header2");
policy.Methods.ShouldOnlyContain("put", "patch");
policy.Origins.ShouldOnlyContain("fark.com", "farker.com");
}
public void Should_get_cors_config_when_no_attributes_applied()
{
var policy = new CorsAttributePolicySource(new ActionDescriptor(
ActionMethod.From <NoAttributesHandler>(x => x.Get()),
null, null, null, null, null, null, null, new TypeCache())).CreatePolicy();
policy.AllowOptionRequestsToPassThrough.ShouldBeFalse();
policy.AllowRequestsWithoutOriginHeader.ShouldBeTrue();
policy.AllowRequestsThatFailCors.ShouldBeTrue();
policy.AllowAnyHeader.ShouldBeFalse();
policy.AllowAnyMethod.ShouldBeFalse();
policy.AllowAnyOrigin.ShouldBeFalse();
policy.PreflightMaxAge.ShouldBeNull();
policy.SupportsCredentials.ShouldBeFalse();
policy.ExposedHeaders.ShouldBeEmpty();
policy.Headers.ShouldBeEmpty();
policy.Methods.ShouldBeEmpty();
policy.Origins.ShouldBeEmpty();
}