public async Task Invoke_HasEndpointWithMutlipleMetadata_SkipCorsBecauseOfMetadataOrder()
{
// Arrange
var corsService = Mock.Of <ICorsService>();
var mockProvider = new Mock <ICorsPolicyProvider>();
var loggerFactory = NullLoggerFactory.Instance;
mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()))
.Returns(Task.FromResult <CorsPolicy>(null))
.Verifiable();
var middleware = new CorsMiddleware(
Mock.Of <RequestDelegate>(),
corsService,
loggerFactory,
"DefaultPolicyName");
var httpContext = new DefaultHttpContext();
httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new EnableCorsAttribute("MetadataPolicyName"), new DisableCorsAttribute()), "Test endpoint"));
httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
// Act
await middleware.Invoke(httpContext, mockProvider.Object);
// Assert
mockProvider.Verify(
o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()),
Times.Never);
}
public Task Invoke(HttpContext context, RequestDelegate next)
{
context.Items.Add(ScriptConstants.CorsMiddlewareRequestDelegate, next);
// policy is supplied in the factory
return(_corsMiddleware.Invoke(context, null));
}
public async Task Invoke_HasEndpointWithEnableMetadata_HasSignificantDisableCors_ExecutesNextMiddleware()
{
// Arrange
var executed = false;
var corsService = Mock.Of <ICorsService>();
var policyProvider = Mock.Of <ICorsPolicyProvider>();
var loggerFactory = NullLoggerFactory.Instance;
var middleware = new CorsMiddleware(
c =>
{
executed = true;
return(Task.CompletedTask);
},
corsService,
loggerFactory,
"DefaultPolicyName");
var httpContext = new DefaultHttpContext();
httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new EnableCorsAttribute(), new DisableCorsAttribute()), "Test endpoint"));
httpContext.Request.Method = "GET";
httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { "GET" });
// Act
await middleware.Invoke(httpContext, policyProvider);
// Assert
Assert.True(executed);
Mock.Get(policyProvider).Verify(v => v.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()), Times.Never());
Mock.Get(corsService).Verify(v => v.EvaluatePolicy(It.IsAny <HttpContext>(), It.IsAny <CorsPolicy>()), Times.Never());
}
public async Task DoesNotSetHeaders_ForNoPolicy()
{
// Arrange
var corsService = Mock.Of <ICorsService>();
var mockProvider = new Mock <ICorsPolicyProvider>();
var loggerFactory = NullLoggerFactory.Instance;
mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()))
.Returns(Task.FromResult <CorsPolicy>(null))
.Verifiable();
var middleware = new CorsMiddleware(
Mock.Of <RequestDelegate>(),
corsService,
loggerFactory,
policyName: null);
var httpContext = new DefaultHttpContext();
httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
// Act
await middleware.Invoke(httpContext, mockProvider.Object);
// Assert
Assert.Equal(200, httpContext.Response.StatusCode);
Assert.Empty(httpContext.Response.Headers);
mockProvider.Verify(
o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()),
Times.Once);
}
public async Task Invoke_HasEndpointWithEnableMetadata_HasSignificantDisableCors_ReturnsNoContentForPreflightRequest()
{
// Arrange
var corsService = Mock.Of <ICorsService>();
var policyProvider = Mock.Of <ICorsPolicyProvider>();
var loggerFactory = NullLoggerFactory.Instance;
var middleware = new CorsMiddleware(
c => { throw new Exception("Should not be called."); },
corsService,
loggerFactory,
"DefaultPolicyName");
var httpContext = new DefaultHttpContext();
httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new EnableCorsAttribute(), new DisableCorsAttribute()), "Test endpoint"));
httpContext.Request.Method = "OPTIONS";
httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { "GET" });
// Act
await middleware.Invoke(httpContext, policyProvider);
// Assert
Assert.Equal(StatusCodes.Status204NoContent, httpContext.Response.StatusCode);
}
public async Task Uses_PolicyProvider_AsFallback()
{
// Arrange
var corsService = Mock.Of <ICorsService>();
var mockProvider = new Mock <ICorsPolicyProvider>();
mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()))
.Returns(Task.FromResult <CorsPolicy>(null))
.Verifiable();
var middleware = new CorsMiddleware(
Mock.Of <RequestDelegate>(),
corsService,
mockProvider.Object,
policyName: null);
var httpContext = new DefaultHttpContext();
httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
// Act
await middleware.Invoke(httpContext);
// Assert
mockProvider.Verify(
o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()),
Times.Once);
}
public async Task Invoke_WithCustomPolicyProviderThatReturnsAsynchronously_Works()
{
// Arrange
var corsService = new CorsService(Options.Create(new CorsOptions()), NullLoggerFactory.Instance);
var mockProvider = new Mock <ICorsPolicyProvider>();
var loggerFactory = NullLoggerFactory.Instance;
var policy = new CorsPolicyBuilder()
.WithOrigins(OriginUrl)
.WithHeaders("AllowedHeader")
.Build();
mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()))
.ReturnsAsync(policy, TimeSpan.FromMilliseconds(10));
var middleware = new CorsMiddleware(
Mock.Of <RequestDelegate>(),
corsService,
loggerFactory,
"DefaultPolicyName");
var httpContext = new DefaultHttpContext();
httpContext.Request.Method = "OPTIONS";
httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { OriginUrl });
httpContext.Request.Headers.Add(CorsConstants.AccessControlRequestMethod, new[] { "PUT" });
// Act
await middleware.Invoke(httpContext, mockProvider.Object);
// Assert
var response = httpContext.Response;
Assert.Collection(
response.Headers.OrderBy(o => o.Key),
kvp =>
{
Assert.Equal(CorsConstants.AccessControlAllowHeaders, kvp.Key);
Assert.Equal("AllowedHeader", Assert.Single(kvp.Value));
},
kvp =>
{
Assert.Equal(CorsConstants.AccessControlAllowOrigin, kvp.Key);
Assert.Equal(OriginUrl, Assert.Single(kvp.Value));
});
}
public async Task Invoke_HasEndpointRequireCorsMetadata_MiddlewareHasPolicy_RunsCorsWithPolicyName()
{
// Arrange
var defaultPolicy = new CorsPolicyBuilder().Build();
var metadataPolicy = new CorsPolicyBuilder().Build();
var mockCorsService = new Mock <ICorsService>();
var mockProvider = new Mock <ICorsPolicyProvider>();
var loggerFactory = NullLoggerFactory.Instance;
mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()))
.Returns(Task.FromResult <CorsPolicy>(null))
.Verifiable();
mockCorsService.Setup(o => o.EvaluatePolicy(It.IsAny <HttpContext>(), It.IsAny <CorsPolicy>()))
.Returns(new CorsResult())
.Verifiable();
var middleware = new CorsMiddleware(
Mock.Of <RequestDelegate>(),
mockCorsService.Object,
defaultPolicy,
loggerFactory);
var httpContext = new DefaultHttpContext();
httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new CorsPolicyMetadata(metadataPolicy)), "Test endpoint"));
httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
// Act
await middleware.Invoke(httpContext, mockProvider.Object);
// Assert
mockProvider.Verify(
o => o.GetPolicyAsync(It.IsAny <HttpContext>(), It.IsAny <string>()),
Times.Never);
mockCorsService.Verify(
o => o.EvaluatePolicy(It.IsAny <HttpContext>(), metadataPolicy),
Times.Once);
}
public async Task Invoke_WithoutEndpoint_InvokeFlagSet()
{
// Arrange
var corsService = Mock.Of <ICorsService>();
var mockProvider = Mock.Of <ICorsPolicyProvider>();
var loggerFactory = NullLoggerFactory.Instance;
var middleware = new CorsMiddleware(
Mock.Of <RequestDelegate>(),
corsService,
loggerFactory,
"DefaultPolicyName");
var httpContext = new DefaultHttpContext();
httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
// Act
await middleware.Invoke(httpContext, mockProvider);
// Assert
Assert.DoesNotContain(httpContext.Items, item => string.Equals(item.Key as string, "__CorsMiddlewareWithEndpointInvoked"));
}
public async Task Invoke_WithoutOrigin_InvokeFlagSet()
{
// Arrange
var corsService = Mock.Of <ICorsService>();
var mockProvider = Mock.Of <ICorsPolicyProvider>();
var loggerFactory = NullLoggerFactory.Instance;
var middleware = new CorsMiddleware(
Mock.Of <RequestDelegate>(),
corsService,
loggerFactory,
"DefaultPolicyName");
var httpContext = new DefaultHttpContext();
httpContext.SetEndpoint(new Endpoint(c => Task.CompletedTask, new EndpointMetadataCollection(new EnableCorsAttribute("MetadataPolicyName"), new DisableCorsAttribute()), "Test endpoint"));
// Act
await middleware.Invoke(httpContext, mockProvider);
// Assert
Assert.Contains(httpContext.Items, item => string.Equals(item.Key as string, "__CorsMiddlewareWithEndpointInvoked"));
}
public async Task Invoke(HttpContext context, RequestDelegate next)
{
context.Items.Add(ScriptConstants.CorsMiddlewareRequestDelegate, next);
await _corsMiddleware.Invoke(context);
}
public async Task DoesNotSetHeaders_ForNoPolicy()
{
// Arrange
var corsService = Mock.Of<ICorsService>();
var mockProvider = new Mock<ICorsPolicyProvider>();
mockProvider.Setup(o => o.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>()))
.Returns(Task.FromResult<CorsPolicy>(null))
.Verifiable();
var middleware = new CorsMiddleware(
Mock.Of<RequestDelegate>(),
corsService,
mockProvider.Object,
policyName: null);
var httpContext = new DefaultHttpContext();
httpContext.Request.Headers.Add(CorsConstants.Origin, new[] { "http://example.com" });
// Act
await middleware.Invoke(httpContext);
// Assert
Assert.Equal(200, httpContext.Response.StatusCode);
Assert.Empty(httpContext.Response.Headers);
mockProvider.Verify(
o => o.GetPolicyAsync(It.IsAny<HttpContext>(), It.IsAny<string>()),
Times.Once);
}
