public void NonNullCorsRequestContext_CallsPolicyProvider()
{
IAppBuilder builder = new AppBuilder();
bool wasCalled = false;
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = ctx =>
{
wasCalled = true;
return Task.FromResult<CorsPolicy>(null);
}
}
});
builder.Run(context =>
{
context.Response.StatusCode = 200;
return Task.FromResult(0);
});
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
request.Headers.Set(CorsConstants.Origin, "http://test");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
Assert.Equal(true, wasCalled);
}
public void Invoke_DoesNotAddHeaders_WhenOriginIsMissing()
{
IAppBuilder builder = new AppBuilder();
builder.UseCors(CorsOptions.AllowAll);
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
Assert.Empty(response.Headers);
}
public void NullPolicyProvider_CallsNext()
{
IAppBuilder builder = new AppBuilder();
builder.UseCors(new CorsOptions
{
});
builder.Run(context =>
{
context.Response.StatusCode = 200;
return Task.FromResult(0);
});
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
Assert.Equal(200, response.StatusCode);
Assert.Empty(response.Headers);
}
public void SendAsync_Preflight_ReturnsBadRequest_WhenHeaderIsNotAllowed()
{
IAppBuilder builder = new AppBuilder();
var policy = new CorsPolicy();
policy.AllowAnyMethod = true;
policy.Headers.Add("TEST");
policy.Origins.Add("http://www.example.com");
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/default");
request.Method = "OPTIONS";
request.Headers.Set(CorsConstants.Origin, "http://localhost");
request.Headers.Set(CorsConstants.AccessControlRequestMethod, "POST");
request.Headers.Set(CorsConstants.AccessControlRequestHeaders, "INVALID");
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
string origin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);
Assert.Equal(400, response.StatusCode);
Assert.Equal(null, origin);
}
public void SendAsync_Preflight_ReturnsAllowMethodsAndAllowHeaders(string policyOrigin, string requestedMethod, string expectedOrigin, string requestedHeaders)
{
IAppBuilder builder = new AppBuilder();
var policy = new CorsPolicy
{
AllowAnyHeader = true,
AllowAnyMethod = true
};
if (policyOrigin == "*")
{
policy.AllowAnyOrigin = true;
}
else
{
foreach (var o in policyOrigin.Split(','))
{
policy.Origins.Add(o.Trim());
}
}
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
builder.Use((context, next) => Task.FromResult<object>(null));
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
request.Method = "OPTIONS";
request.Headers.Set(CorsConstants.Origin, "http://localhost");
request.Headers.Set(CorsConstants.AccessControlRequestMethod, requestedMethod);
request.Headers.Set(CorsConstants.AccessControlRequestHeaders, requestedHeaders);
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
string origin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);
string allowMethod = response.Headers.Get(CorsConstants.AccessControlAllowMethods);
string[] allowHeaders = response.Headers.Get(CorsConstants.AccessControlAllowHeaders).Split(',');
string[] requestedHeaderArray = requestedHeaders.Split(',');
Assert.Equal(200, response.StatusCode);
Assert.Equal(expectedOrigin, origin);
Assert.Equal(requestedMethod, allowMethod);
foreach (var requestedHeader in requestedHeaderArray)
{
Assert.Contains(requestedHeader, allowHeaders);
}
request = CreateRequest("http://localhost/sample");
request.Method = requestedMethod;
request.Headers.Set(CorsConstants.Origin, "http://localhost");
foreach (var requestedHeader in requestedHeaderArray)
{
request.Headers.Set(requestedHeader, requestedHeader);
}
app(request.Environment).Wait();
response = new OwinResponse(request.Environment);
Assert.Equal(200, response.StatusCode);
Assert.Equal(expectedOrigin, origin);
}
public void SendAsync_ReturnsAllowAOrigin(string requestOrigin, string policyOrigin, string expectedOrigin)
{
IAppBuilder builder = new AppBuilder();
var policy = new CorsPolicy();
if (policyOrigin == "*")
{
policy.AllowAnyOrigin = true;
}
else
{
foreach (var o in policyOrigin.Split(','))
{
policy.Origins.Add(o.Trim());
}
}
builder.UseCors(new CorsOptions
{
PolicyProvider = new CorsPolicyProvider
{
PolicyResolver = context => Task.FromResult(policy)
}
});
builder.Use((context, next) => Task.FromResult<object>(null));
var app = (AppFunc)builder.Build(typeof(AppFunc));
IOwinRequest request = CreateRequest("http://localhost/sample");
if ("header_not_set" != requestOrigin)
{
request.Headers.Set(CorsConstants.Origin, requestOrigin);
}
app(request.Environment).Wait();
var response = new OwinResponse(request.Environment);
string origin = response.Headers.Get("Access-Control-Allow-Origin");
Assert.Equal(200, response.StatusCode);
Assert.Equal(expectedOrigin, origin);
}
