/// <summary>
/// Pins the result of <c>SnCorsPolicyProvider.GetAllowedDomain(origin, allowedList)</c>
/// for plain hosts, the "*" catch-all, wildcard host labels and wildcard ports.
/// The expected value is the matching allow-list entry itself (for example "*.abc"),
/// not the request origin, and <c>null</c> when no entry matches.
/// </summary>
/// <remarks>
/// The expectations are consistent with first-match-in-list-order semantics
/// ({ "*", "abc" } yields "*", while { "abc", "*" } yields "abc").
/// NOTE(review): browsers refuse a literal "*" allow-origin on credentialed requests;
/// how the provider turns a "*" match into a policy is not covered by this test - confirm.
/// </remarks>
public void Cors_AllowedDomain()
{
    // Single assertion point: expected allow-list entry vs. what the provider picks.
    void Expect(string expected, string origin, string[] allowed)
    {
        var actual = SnCorsPolicyProvider.GetAllowedDomain(origin, allowed);
        Assert.AreEqual(expected, actual);
    }

    // --- empty allow-list: nothing can match
    Expect(null, "abc", new string[0]);

    // --- regular domains: exact entries, position in the list does not matter
    Expect("abc", "abc", new[] { "abc", "def" });
    Expect("abc", "abc", new[] { "def", "abc" });
    Expect("abc-dev", "abc-dev", new[] { "abc-dev", "app123" });
    Expect("app123", "app123", new[] { "abc-dev", "app123" });

    // --- wildcard (all): "*" matches any origin, but only if no earlier entry matched
    Expect("*", "abc", new[] { "*" });
    Expect("*", "abc", new[] { "*", "abc" });
    Expect("abc", "abc", new[] { "abc", "*" });
    Expect("*", "abc", new[] { "abcd", "*" });
    Expect("*", "abc-dev", new[] { "*", "app123" });
    Expect("*", "app123", new[] { "abc-dev", "*" });

    // --- wildcard (subdomain)
    // "*.abc" must not match the bare parent domain or an unrelated host.
    Expect(null, "abc", new[] { "*.abc" });
    Expect(null, "def", new[] { "*.abc" });
    Expect(null, "abc.com", new[] { "*.abc.com" });
    Expect("abc", "abc", new[] { "*.abc", "abc" });
    Expect("abc", "abc", new[] { "abc", "*.abc" });
    Expect("*.abc", "sub1.abc", new[] { "*.abc" });
    // An inner "*" accepts one or several labels ("sub1" as well as "sub1.sub2") ...
    Expect("abc.*.abc", "abc.sub1.abc", new[] { "abc.*.abc" });
    Expect("abc.*.abc", "abc.sub1.sub2.abc", new[] { "abc.*.abc" });
    // ... but not a missing or empty label, and not an extra prefix in front of the pattern.
    Expect(null, "abc.com", new[] { "abc.*.com" });
    Expect(null, "abc..com", new[] { "abc.*.com" });
    Expect(null, "nooo.abc.sub1.abc", new[] { "abc.*.abc" });
    Expect("*.abc", "sub1.abc", new[] { "abcd", "sub1abc", "sub1abccom", "*.abc" });
    Expect("*.abc", "sub-dev.abc", new[] { "*.abc", "app123.abc" });
    Expect("*.abc", "a1b2c3--app-dev.abc", new[] { "sub.abc", "*.abc" });
    Expect("abc.*.com", "abc.a1b2c3--app-dev.com", new[] { "abc.app.com", "abc.*.com" });
    // TODO(review): there is no negative case for an origin that shares only the suffix text
    // without the dot boundary, nor for an origin carrying a scheme; consider pinning both.

    // --- wildcard (port)
    Expect(null, "ab:5000", new[] { "abc" });
    Expect(null, "ab:5000", new[] { "abc:4000" });
    // ":*" accepts the host with any port and also with no port at all.
    Expect("abc:*", "abc", new[] { "abc:*" });
    Expect(null, "sub1.abc", new[] { "abc:*" });
    Expect("abc:*", "abc:5000", new[] { "abc:*" });
    Expect("abc:*", "abc", new[] { "abc:4000", "abc:*" });
    Expect("abc:*", "abc:5000", new[] { "abc:4000", "abc:*" });
    Expect("abc.com:*", "abc.com", new[] { "abc.com:*" });
    Expect("*.abc.com:*", "sub1.abc.com", new[] { "*.abc.com:*" });
    Expect("*.abc.com:*", "sub1.sub2.abc.com", new[] { "*.abc.com:*" });
    Expect("abc.*.com:*", "abc.admin.com", new[] { "abc.*.com:*" });
    Expect(null, "abc.com:5000", new[] { "abc.*.com:*" });
    Expect(null, "abc..com:5000", new[] { "abc.*.com:*" });
    Expect("abc.*.com:*", "abc.admin.sub1.com", new[] { "abc.*.com:*" });
    Expect("abc.*.com:*", "abc.admin.sub1.com:5000", new[] { "abc.*.com:*" });
    // An entry without a port part is expected not to match an origin that carries a port.
    Expect(null, "abc.sub1.abc.com:5000", new[] { "abc.*.abc.com" });
    Expect("*.abc.com:*", "sub-dev.abc.com:5000", new[] { "*.abc.com:*", "app123.abc.com:5000" });
    Expect("*.abc.com:*", "a1b2c3--app-dev.abc.com:8888", new[] { "sub.abc.com:8888", "*.abc.com:*" });
    Expect("abc.*.com:*", "abc.a1b2c3--app-dev.com:80", new[] { "abc.app.com:80", "abc.*.com:*" });

    // --- invalid config: a "*" glued to the host without a dot must not match
    Expect(null, "abc", new[] { "*abc" });
}
/// <summary>
/// Resolves the default sensenet CORS policy through <c>GetPolicyAsync</c> for several
/// Origin header values, without changing the stored settings, and checks which origins
/// end up in the returned policy's <c>Origins</c> list.
/// </summary>
/// <remarks>
/// Every accepted origin is also asserted to have <c>SupportsCredentials</c> set, so the
/// allow-list match is what decides whether a credentialed cross-origin call is permitted.
/// NOTE(review): the Origin values used here are bare hosts without a scheme; confirm how
/// the provider treats the scheme-qualified values that browsers send.
/// </remarks>
public async Task Cors_HttpContext_PolicyFound()
{
    // Per the original note: the default settings support localhost and sensenet.com.
    string[] acceptedOrigins = { "localhost", "localhost:123", "example.sensenet.com" };
    // The bare "sensenet.com" host and an unrelated domain must stay out of the policy.
    string[] rejectedOrigins = { "sensenet.com", "example.com" };

    await Test(async () =>
    {
        foreach (var origin in acceptedOrigins)
        {
            var policy = await CheckOrigin(origin, true);
            Assert.IsTrue(policy.SupportsCredentials);
        }

        foreach (var origin in rejectedOrigins)
        {
            await CheckOrigin(origin, false);
        }
    });

    // Builds a request carrying the given Origin header, resolves the default policy and
    // asserts whether that origin is listed in it; hands the policy back for further checks.
    async Task<CorsPolicy> CheckOrigin(string origin, bool expected)
    {
        var provider = new SnCorsPolicyProvider(null);
        var httpContext = new DefaultHttpContext();
        httpContext.Request.Headers["Origin"] = origin;

        var policy = await provider.GetPolicyAsync(httpContext,
            SnCorsPolicyProvider.DefaultSenseNetCorsPolicyName);

        var isListed = policy.Origins.Contains(origin);
        Assert.AreEqual(expected, isListed);
        return policy;
    }
}
/// <summary>
/// Checks the three situations in which <c>GetPolicyAsync</c> is expected to return no
/// policy at all: the request has no Origin header, the policy name is null, or the
/// policy name is unknown.
/// </summary>
public async Task Cors_HttpContext_PolicyNotFound()
{
    var provider = new SnCorsPolicyProvider(null);

    // Case 1: the request carries no Origin header.
    var contextWithoutOrigin = new DefaultHttpContext();
    var policy = await provider.GetPolicyAsync(contextWithoutOrigin, "sensenet");
    Assert.IsNull(policy);

    // Case 2: an Origin header is present, but no policy name is given.
    var contextWithOrigin = new DefaultHttpContext();
    contextWithOrigin.Request.Headers.Add("Origin", "abc");
    policy = await provider.GetPolicyAsync(contextWithOrigin, null);
    Assert.IsNull(policy);

    // Case 3: same request, but the policy name is not one the provider serves.
    policy = await provider.GetPolicyAsync(contextWithOrigin, "other");
    Assert.IsNull(policy);
}
/// <summary>
/// Writes an explicit <c>AllowedOriginDomains</c> list ("localhost:*" and "*.sensenet.com")
/// into Portal.settings, then resolves the default sensenet CORS policy for several Origin
/// header values and checks which of them appear in the policy's <c>Origins</c> list.
/// </summary>
/// <remarks>
/// Every accepted origin is also asserted to have <c>SupportsCredentials</c> set, so the
/// allow-list match is what decides whether a credentialed cross-origin call is permitted.
/// NOTE(review): the Origin values used here are bare hosts without a scheme; confirm how
/// the provider treats the scheme-qualified values that browsers send.
/// </remarks>
public async Task Cors_HttpContext_PolicyFound()
{
    // Allowed by the list written below: any port on localhost, any sensenet.com subdomain.
    string[] acceptedOrigins = { "localhost", "localhost:123", "example.sensenet.com" };
    // "*.sensenet.com" is expected not to cover the bare "sensenet.com" host;
    // "example.com" matches no entry at all.
    string[] rejectedOrigins = { "sensenet.com", "example.com" };

    await Test(async () =>
    {
        // Set the allowed domains for this test by patching the Portal.settings JSON.
        var settingsPath = RepositoryPath.Combine(Repository.SettingsFolderPath, "Portal.settings");
        var portalSettings = await Node.LoadAsync<Settings>(settingsPath, CancellationToken.None);

        var originalJson = RepositoryTools.GetStreamString(portalSettings.Binary.GetStream());
        var patchedJson = EditJson(originalJson, @" { ""AllowedOriginDomains"": [ ""localhost:*"", ""*.sensenet.com"" ] } ");

        portalSettings.Binary.SetStream(RepositoryTools.GetStreamFromString(patchedJson));
        portalSettings.Save(SavingMode.KeepVersion);

        foreach (var origin in acceptedOrigins)
        {
            var policy = await CheckOrigin(origin, true);
            Assert.IsTrue(policy.SupportsCredentials);
        }

        foreach (var origin in rejectedOrigins)
        {
            await CheckOrigin(origin, false);
        }
    });

    // Builds a request carrying the given Origin header, resolves the default policy and
    // asserts whether that origin is listed in it; hands the policy back for further checks.
    async Task<CorsPolicy> CheckOrigin(string origin, bool expected)
    {
        var provider = new SnCorsPolicyProvider(null);
        var httpContext = new DefaultHttpContext();
        httpContext.Request.Headers["Origin"] = origin;

        var policy = await provider.GetPolicyAsync(httpContext,
            SnCorsPolicyProvider.DefaultSenseNetCorsPolicyName);

        var isListed = policy.Origins.Contains(origin);
        Assert.AreEqual(expected, isListed);
        return policy;
    }
}
/// <summary>
/// Asserts that <c>SnCorsPolicyProvider.GetAllowedDomain</c> selects the expected
/// allow-list entry for the given Origin header value.
/// </summary>
/// <param name="originHeader">Origin value as it would arrive in the request.</param>
/// <param name="allowedOrigins">Configured allow-list entries to match against.</param>
/// <param name="expectedDomain">Entry expected back; null when no entry should match.</param>
private static void AssertOrigin(string originHeader, string[] allowedOrigins, string expectedDomain)
    => Assert.AreEqual(
        expectedDomain,
        SnCorsPolicyProvider.GetAllowedDomain(originHeader, allowedOrigins));