Esempio n. 1
0
        public void ShortCircuit()
        {
            CorsConfig cors = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8080")
                              .ShortCircuit().Build();

            Assert.True(cors.IsShortCircuit);
        }
Esempio n. 2
0
        public void Origin()
        {
            CorsConfig cors = CorsConfigBuilder.ForOrigin((StringCharSequence)"http://localhost:7888").Build();

            Assert.Equal("http://localhost:7888", cors.Origin.ToString());
            Assert.False(cors.IsAnyOriginSupported);
        }
Esempio n. 3
0
        public void WildcardOrigin()
        {
            CorsConfig cors = CorsConfigBuilder.ForOrigin(CorsHandler.AnyOrigin).Build();

            Assert.True(cors.IsAnyOriginSupported);
            Assert.Equal("*", cors.Origin.ToString());
            Assert.Equal(0, cors.Origins.Count);
        }
Esempio n. 4
0
        public void SimpleRequestWithOrigin()
        {
            var           origin   = new AsciiString("http://localhost:8888");
            IHttpResponse response = SimpleRequest(CorsConfigBuilder.ForOrigin(origin).Build(), origin.ToString());

            Assert.Equal(origin, response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowHeaders, null));
        }
Esempio n. 5
0
        public void PreflightRequestAllowCredentials()
        {
            var           origin   = new AsciiString("null");
            CorsConfig    config   = CorsConfigBuilder.ForOrigin(origin).AllowCredentials().Build();
            IHttpResponse response = PreflightRequest(config, origin.ToString(), "content-type, xheader1");

            Assert.Equal("true", response.Headers.Get(HttpHeaderNames.AccessControlAllowCredentials, null));
        }
Esempio n. 6
0
        public void SimpleRequestNoShortCircuit()
        {
            CorsConfig    config   = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8080").Build();
            IHttpResponse response = SimpleRequest(config, "http://localhost:7777");

            Assert.Equal(HttpResponseStatus.OK, response.Status);
            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
        }
Esempio n. 7
0
        public void PreflightRequestDoNotAllowCredentials()
        {
            CorsConfig    config   = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8888").Build();
            IHttpResponse response = PreflightRequest(config, "http://localhost:8888", "");

            // the only valid value for Access-Control-Allow-Credentials is true.
            Assert.False(response.Headers.Contains(HttpHeaderNames.AccessControlAllowCredentials));
        }
Esempio n. 8
0
        public void SimpleRequestShortCircuit()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8080")
                                .ShortCircuit().Build();
            IHttpResponse response = SimpleRequest(config, "http://localhost:7777");

            Assert.Equal(HttpResponseStatus.Forbidden, response.Status);
            Assert.Equal("0", response.Headers.Get(HttpHeaderNames.ContentLength, null).ToString());
        }
Esempio n. 9
0
        public void PreflightRequestWithValueGenerator()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8888")
                                .PreflightResponseHeader((AsciiString)"GenHeader", new ValueGenerator()).Build();
            IHttpResponse response = PreflightRequest(config, "http://localhost:8888", "content-type, xheader1");

            Assert.Equal("generatedValue", response.Headers.Get((AsciiString)"GenHeader", null).ToString());
            Assert.Equal(HttpHeaderNames.Origin.ToString(), response.Headers.Get(HttpHeaderNames.Vary, null));
        }
Esempio n. 10
0
        public void PreflightRequestWithUnauthorizedOrigin()
        {
            var        origin   = "http://host";
            CorsConfig config   = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost").Build();
            var        response = PreflightRequest(config, origin, "xheader1");

            Assert.False(response.Headers.Contains(HttpHeaderNames.AccessControlAllowOrigin));
            Assert.True(ReferenceCountUtil.Release(response));
        }
Esempio n. 11
0
        public void ShortCircuitNonCorsRequest()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin((AsciiString)"https://localhost")
                                .ShortCircuit().Build();
            IHttpResponse response = SimpleRequest(config, null);

            Assert.Equal(HttpResponseStatus.OK, response.Status);
            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
            Assert.True(ReferenceCountUtil.Release(response));
        }
Esempio n. 12
0
        public void PreflightRequestWithDefaultHeaders()
        {
            CorsConfig config   = CorsConfigBuilder.ForOrigin(new AsciiString("http://localhost:8888")).Build();
            var        response = PreflightRequest(config, "http://localhost:8888", "content-type, xheader1");

            Assert.Equal("0", response.Headers.Get(HttpHeaderNames.ContentLength, null).ToString());
            Assert.NotNull(response.Headers.Get(HttpHeaderNames.Date, null));
            Assert.Equal(HttpHeaderNames.Origin.ToString(), response.Headers.Get(HttpHeaderNames.Vary, null));
            Assert.True(ReferenceCountUtil.Release(response));
        }
Esempio n. 13
0
        public void SimpleRequestWithNullOrigin()
        {
            IHttpResponse response = SimpleRequest(CorsConfigBuilder.ForOrigin((AsciiString)"http://test.com")
                                                   .AllowNullOrigin()
                                                   .AllowCredentials()
                                                   .Build(), "null");

            Assert.Equal("null", response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null).ToString());
            Assert.Equal("true", response.Headers.Get(HttpHeaderNames.AccessControlAllowCredentials, null).ToString());
            Assert.Null(response.Headers.Get(HttpHeaderNames.AccessControlAllowHeaders, null));
        }
Esempio n. 14
0
        public void PreflightDeleteRequestWithCustomHeaders()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin(
                new AsciiString("http://localhost:8888")).AllowedRequestMethods(HttpMethod.Get, HttpMethod.Delete).Build();
            IHttpResponse response = PreflightRequest(config, "http://localhost:8888", "content-type, xheader1");

            Assert.Equal("http://localhost:8888", response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
            Assert.Contains("GET", response.Headers.Get(HttpHeaderNames.AccessControlAllowMethods, null).ToString());
            Assert.Contains("DELETE", response.Headers.Get(HttpHeaderNames.AccessControlAllowMethods, null).ToString());
            Assert.Equal(HttpHeaderNames.Origin.ToString(), response.Headers.Get(HttpHeaderNames.Vary, null));
        }
Esempio n. 15
0
        public void ForbiddenShouldReleaseRequest()
        {
            CorsConfig       config  = CorsConfigBuilder.ForOrigin((AsciiString)"https://localhost").ShortCircuit().Build();
            var              channel = new EmbeddedChannel(new CorsHandler(config), new EchoHandler());
            IFullHttpRequest request = CreateHttpRequest(HttpMethod.Get);

            request.Headers.Set(HttpHeaderNames.Origin, "http://localhost:8888");
            Assert.False(channel.WriteInbound(request));
            Assert.Equal(0, request.ReferenceCount);
            Assert.True(ReferenceCountUtil.Release(channel.ReadOutbound()));
            Assert.False(channel.Finish());
        }
Esempio n. 16
0
        public void PreflightRequestWithCustomHeaders()
        {
            const string HeaderName = "CustomHeader";
            const string Value1     = "value1";
            const string Value2     = "value2";
            CorsConfig   config     = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8888")
                                      .PreflightResponseHeader((AsciiString)HeaderName, (AsciiString)Value1, (AsciiString)Value2).Build();
            IHttpResponse response = PreflightRequest(config, "http://localhost:8888", "content-type, xheader1");

            AssertValues(response, HeaderName, Value1, Value2);
            Assert.Equal(HttpHeaderNames.Origin.ToString(), response.Headers.Get(HttpHeaderNames.Vary, null));
            Assert.Equal("0", response.Headers.Get(HttpHeaderNames.ContentLength, null).ToString());
        }
Esempio n. 17
0
        public void PreflightRequestShouldReleaseRequest()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8888")
                                .PreflightResponseHeader((AsciiString)"CustomHeader", new List <ICharSequence> {
                (AsciiString)"value1", (AsciiString)"value2"
            })
                                .Build();
            var channel = new EmbeddedChannel(new CorsHandler(config));
            IFullHttpRequest request = OptionsRequest("http://localhost:8888", "content-type, xheader1", null);

            Assert.False(channel.WriteInbound(request));
            Assert.Equal(0, request.ReferenceCount);
            Assert.True(ReferenceCountUtil.Release(channel.ReadOutbound()));
            Assert.False(channel.Finish());
        }
Esempio n. 18
0
        public void PreflightRequestWithConnectionCloseShouldClose()
        {
            CorsConfig       config  = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8888").Build();
            var              channel = new EmbeddedChannel(new CorsHandler(config));
            IFullHttpRequest request = OptionsRequest("http://localhost:8888", "", HttpHeaderValues.Close);

            Assert.False(channel.WriteInbound(request));
            var response = channel.ReadOutbound <IHttpResponse>();

            Assert.False(HttpUtil.IsKeepAlive(response));

            Assert.False(channel.IsOpen);
            Assert.Equal(HttpResponseStatus.OK, response.Status);
            Assert.True(ReferenceCountUtil.Release(response));
            Assert.False(channel.Finish());
        }
Esempio n. 19
0
        public void PreflightRequestWithCustomHeadersIterable()
        {
            const string HeaderName = "CustomHeader";
            const string Value1     = "value1";
            const string Value2     = "value2";
            CorsConfig   config     = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8888")
                                      .PreflightResponseHeader((AsciiString)HeaderName, new List <ICharSequence> {
                (AsciiString)Value1, (AsciiString)Value2
            })
                                      .Build();
            IHttpResponse response = PreflightRequest(config, "http://localhost:8888", "content-type, xheader1");

            AssertValues(response, HeaderName, Value1, Value2);
            Assert.Equal(HttpHeaderNames.Origin.ToString(), response.Headers.Get(HttpHeaderNames.Vary, null));
            Assert.True(ReferenceCountUtil.Release(response));
        }
Esempio n. 20
0
        public void PreflightGetRequestWithCustomHeaders()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin(new AsciiString("http://localhost:8888"))
                                .AllowedRequestMethods(HttpMethod.Options, HttpMethod.Get, HttpMethod.Delete)
                                .AllowedRequestHeaders((AsciiString)"content-type", (AsciiString)"xheader1")
                                .Build();
            var response = PreflightRequest(config, "http://localhost:8888", "content-type, xheader1");

            Assert.Equal("http://localhost:8888", response.Headers.Get(HttpHeaderNames.AccessControlAllowOrigin, null));
            Assert.Contains("OPTIONS", response.Headers.Get(HttpHeaderNames.AccessControlAllowMethods, null).ToString());
            Assert.Contains("GET", response.Headers.Get(HttpHeaderNames.AccessControlAllowMethods, null).ToString());
            Assert.Contains("content-type", response.Headers.Get(HttpHeaderNames.AccessControlAllowHeaders, null).ToString());
            Assert.Contains("xheader1", response.Headers.Get(HttpHeaderNames.AccessControlAllowHeaders, null).ToString());
            Assert.Equal(HttpHeaderNames.Origin.ToString(), response.Headers.Get(HttpHeaderNames.Vary, null));
            Assert.True(ReferenceCountUtil.Release(response));
        }
Esempio n. 21
0
        public void ShortCircuitWithoutConnectionShouldStayOpen()
        {
            CorsConfig config = CorsConfigBuilder.ForOrigin((AsciiString)"http://localhost:8080")
                                .ShortCircuit().Build();
            var channel = new EmbeddedChannel(new CorsHandler(config));
            IFullHttpRequest request = CreateHttpRequest(HttpMethod.Get);

            request.Headers.Set(HttpHeaderNames.Origin, (AsciiString)"http://localhost:8888");

            Assert.False(channel.WriteInbound(request));
            var response = channel.ReadOutbound <IHttpResponse>();

            Assert.True(HttpUtil.IsKeepAlive(response));

            Assert.True(channel.IsOpen);
            Assert.Equal(HttpResponseStatus.Forbidden, response.Status);
            Assert.True(ReferenceCountUtil.Release(response));
            Assert.False(channel.Finish());
        }
Esempio n. 22
0
        public void DifferentConfigsPerOrigin()
        {
            var        host1 = "http://host1:80";
            var        host2 = "http://host2";
            CorsConfig rule1 = CorsConfigBuilder.ForOrigin((AsciiString)host1).AllowedRequestMethods(HttpMethod.Get).Build();
            CorsConfig rule2 = CorsConfigBuilder.ForOrigin((AsciiString)host2).AllowedRequestMethods(HttpMethod.Get, HttpMethod.Post)
                               .AllowCredentials().Build();

            List <CorsConfig> corsConfigs = new List <CorsConfig>(new[] { rule1, rule2 });

            var preFlightHost1 = PreflightRequest(corsConfigs, host1, "", false);

            Assert.Equal("GET", preFlightHost1.Headers.Get(HttpHeaderNames.AccessControlAllowMethods, null).ToString());
            Assert.Null(preFlightHost1.Headers.GetAsString(HttpHeaderNames.AccessControlAllowCredentials));

            var preFlightHost2 = PreflightRequest(corsConfigs, host2, "", false);

            AssertValues(preFlightHost2, HttpHeaderNames.AccessControlAllowMethods.ToString(), "GET", "POST");
            Assert.Equal("true", preFlightHost2.Headers.GetAsString(HttpHeaderNames.AccessControlAllowCredentials));
        }
Esempio n. 23
0
        public void SpecificConfigPrecedenceOverGeneric()
        {
            var host1 = "http://host1";
            var host2 = "http://host2";

            CorsConfig forHost1 = CorsConfigBuilder.ForOrigin((AsciiString)host1).AllowedRequestMethods(HttpMethod.Get).MaxAge(3600L).Build();
            CorsConfig allowAll = CorsConfigBuilder.ForAnyOrigin().AllowedRequestMethods(HttpMethod.Post, HttpMethod.Get, HttpMethod.Options)
                                  .MaxAge(1800).Build();

            List <CorsConfig> rules = new List <CorsConfig>(new[] { forHost1, allowAll });

            var host1Response = PreflightRequest(rules, host1, "", false);

            Assert.Equal("GET", host1Response.Headers.Get(HttpHeaderNames.AccessControlAllowMethods, null).ToString());
            Assert.Equal("3600", host1Response.Headers.GetAsString(HttpHeaderNames.AccessControlMaxAge));

            var host2Response = PreflightRequest(rules, host2, "", false);

            AssertValues(host2Response, HttpHeaderNames.AccessControlAllowMethods.ToString(), "POST", "GET", "OPTIONS");
            Assert.Equal("*", host2Response.Headers.GetAsString(HttpHeaderNames.AccessControlAllowOrigin));
            Assert.Equal("1800", host2Response.Headers.GetAsString(HttpHeaderNames.AccessControlMaxAge));
        }