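/// <summary>
/// Verifies that the CORS middleware invokes the configured policy resolver
/// when the incoming request carries an Origin header.
/// </summary>
public void NonNullCorsRequestContext_CallsPolicyProvider()
{
    IAppBuilder builder = new AppBuilder();
    bool wasCalled = false;
    builder.UseCors(new CorsOptions
    {
        PolicyProvider = new CorsPolicyProvider
        {
            PolicyResolver = ctx =>
            {
                // Record the call; the resolver deliberately yields no policy because
                // this test only cares that the resolver was reached.
                wasCalled = true;
                return Task.FromResult<CorsPolicy>(null);
            }
        }
    });
    builder.Run(context =>
    {
        context.Response.StatusCode = 200;
        return Task.FromResult(0);
    });

    var app = (AppFunc)builder.Build(typeof(AppFunc));

    IOwinRequest request = CreateRequest("http://localhost/sample");
    request.Headers.Set(CorsConstants.Origin, "http://test");
    app(request.Environment).Wait();

    // The unused OwinResponse local was dropped: nothing about the response is asserted here.
    Assert.True(wasCalled);
}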
/// <summary>
/// Verifies that a request sent without an Origin header through a pipeline configured
/// with <c>CorsOptions.AllowAll</c> ends up with no response headers.
/// </summary>
public void Invoke_DoesNotAddHeaders_WhenOriginIsMissing()
{
    IAppBuilder appBuilder = new AppBuilder();
    appBuilder.UseCors(CorsOptions.AllowAll);
    var pipeline = (AppFunc)appBuilder.Build(typeof(AppFunc));

    // No Origin header is set on this request.
    IOwinRequest owinRequest = CreateRequest("http://localhost/sample");
    Task pending = pipeline(owinRequest.Environment);
    pending.Wait();

    var owinResponse = new OwinResponse(owinRequest.Environment);
    Assert.Empty(owinResponse.Headers);
}
/// <summary>
/// Verifies that when <c>CorsOptions</c> is created without a policy provider, the request
/// still reaches the next component (which sets status 200) and no response headers are added.
/// </summary>
public void NullPolicyProvider_CallsNext()
{
    IAppBuilder appBuilder = new AppBuilder();

    // Default options: no PolicyProvider is assigned.
    var options = new CorsOptions { };
    appBuilder.UseCors(options);

    // Terminal component; its 200 status is the evidence that the middleware called next.
    appBuilder.Run(owinContext =>
    {
        owinContext.Response.StatusCode = 200;
        return Task.FromResult(0);
    });

    var pipeline = (AppFunc)appBuilder.Build(typeof(AppFunc));

    IOwinRequest owinRequest = CreateRequest("http://localhost/sample");
    Task pending = pipeline(owinRequest.Environment);
    pending.Wait();

    var owinResponse = new OwinResponse(owinRequest.Environment);
    Assert.Equal(200, owinResponse.StatusCode);
    Assert.Empty(owinResponse.Headers);
}
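/// <summary>
/// Verifies that a preflight request asking for a request header that the policy does not
/// list is answered with 400 and without an Access-Control-Allow-Origin header.
/// </summary>
public void SendAsync_Preflight_ReturnsBadRequest_WhenHeaderIsNotAllowed()
{
    string allowedOrigin = "http://www.example.com";

    IAppBuilder builder = new AppBuilder();
    var policy = new CorsPolicy();
    policy.AllowAnyMethod = true;
    policy.Headers.Add("TEST");
    policy.Origins.Add(allowedOrigin);
    builder.UseCors(new CorsOptions
    {
        PolicyProvider = new CorsPolicyProvider
        {
            PolicyResolver = context => Task.FromResult(policy)
        }
    });

    var app = (AppFunc)builder.Build(typeof(AppFunc));

    IOwinRequest request = CreateRequest("http://localhost/default");
    request.Method = "OPTIONS";

    // Send the origin the policy allows. The test previously sent "http://localhost", which is
    // not in policy.Origins, so the 400 could come from the origin mismatch and the test would
    // still pass if header validation were missing. With a permitted origin and AllowAnyMethod,
    // the unlisted request header is the only remaining reason for rejection.
    request.Headers.Set(CorsConstants.Origin, allowedOrigin);
    request.Headers.Set(CorsConstants.AccessControlRequestMethod, "POST");
    request.Headers.Set(CorsConstants.AccessControlRequestHeaders, "INVALID");
    app(request.Environment).Wait();

    var response = new OwinResponse(request.Environment);
    string origin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);

    Assert.Equal(400, response.StatusCode);
    // A rejected preflight must not echo an allowed origin back to the caller.
    Assert.Null(origin);
}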
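/// <summary>
/// Verifies that a preflight request against a policy allowing any header and any method
/// returns the expected Access-Control-Allow-Origin, Allow-Methods and Allow-Headers values,
/// and that the follow-up actual request also returns the expected allowed origin.
/// </summary>
/// <param name="policyOrigin">"*" to allow any origin, otherwise a comma-separated list of allowed origins.</param>
/// <param name="requestedMethod">Method sent in Access-Control-Request-Method and used for the actual request.</param>
/// <param name="expectedOrigin">Expected value of the Access-Control-Allow-Origin response header.</param>
/// <param name="requestedHeaders">Comma-separated header names sent in Access-Control-Request-Headers.</param>
public void SendAsync_Preflight_ReturnsAllowMethodsAndAllowHeaders(string policyOrigin, string requestedMethod, string expectedOrigin, string requestedHeaders)
{
    IAppBuilder builder = new AppBuilder();
    var policy = new CorsPolicy
    {
        AllowAnyHeader = true,
        AllowAnyMethod = true
    };

    if (policyOrigin == "*")
    {
        policy.AllowAnyOrigin = true;
    }
    else
    {
        foreach (var o in policyOrigin.Split(','))
        {
            policy.Origins.Add(o.Trim());
        }
    }

    builder.UseCors(new CorsOptions
    {
        PolicyProvider = new CorsPolicyProvider
        {
            PolicyResolver = context => Task.FromResult(policy)
        }
    });

    builder.Use((context, next) => Task.FromResult<object>(null));

    var app = (AppFunc)builder.Build(typeof(AppFunc));

    // Preflight request.
    IOwinRequest request = CreateRequest("http://localhost/sample");
    request.Method = "OPTIONS";
    request.Headers.Set(CorsConstants.Origin, "http://localhost");
    request.Headers.Set(CorsConstants.AccessControlRequestMethod, requestedMethod);
    request.Headers.Set(CorsConstants.AccessControlRequestHeaders, requestedHeaders);
    app(request.Environment).Wait();

    var response = new OwinResponse(request.Environment);

    // Check the status before touching the headers, so a rejected preflight fails on this
    // assertion instead of on a null Allow-Headers value in the Split call below.
    Assert.Equal(200, response.StatusCode);

    string preflightOrigin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);
    string allowMethod = response.Headers.Get(CorsConstants.AccessControlAllowMethods);
    string[] allowHeaders = response.Headers.Get(CorsConstants.AccessControlAllowHeaders).Split(',');
    string[] requestedHeaderArray = requestedHeaders.Split(',');

    Assert.Equal(expectedOrigin, preflightOrigin);
    Assert.Equal(requestedMethod, allowMethod);
    foreach (var requestedHeader in requestedHeaderArray)
    {
        Assert.Contains(requestedHeader, allowHeaders);
    }

    // Actual request, carrying every header the preflight asked for.
    request = CreateRequest("http://localhost/sample");
    request.Method = requestedMethod;
    request.Headers.Set(CorsConstants.Origin, "http://localhost");
    foreach (var requestedHeader in requestedHeaderArray)
    {
        request.Headers.Set(requestedHeader, requestedHeader);
    }
    app(request.Environment).Wait();

    response = new OwinResponse(request.Environment);

    // Read the header from this response. The earlier version re-asserted the value captured
    // from the preflight, so the actual request's Access-Control-Allow-Origin was never checked.
    string actualRequestOrigin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);

    Assert.Equal(200, response.StatusCode);
    Assert.Equal(expectedOrigin, actualRequestOrigin);
}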
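/// <summary>
/// Verifies the Access-Control-Allow-Origin value returned for a non-preflight request,
/// for a given request origin and policy origin configuration.
/// </summary>
/// <param name="requestOrigin">Value for the Origin request header; the sentinel "header_not_set" means the header is not sent.</param>
/// <param name="policyOrigin">"*" to allow any origin, otherwise a comma-separated list of allowed origins.</param>
/// <param name="expectedOrigin">Expected value of the Access-Control-Allow-Origin response header.</param>
public void SendAsync_ReturnsAllowAOrigin(string requestOrigin, string policyOrigin, string expectedOrigin)
{
    IAppBuilder builder = new AppBuilder();
    var policy = new CorsPolicy();

    if (policyOrigin == "*")
    {
        policy.AllowAnyOrigin = true;
    }
    else
    {
        foreach (var o in policyOrigin.Split(','))
        {
            policy.Origins.Add(o.Trim());
        }
    }

    builder.UseCors(new CorsOptions
    {
        PolicyProvider = new CorsPolicyProvider
        {
            PolicyResolver = context => Task.FromResult(policy)
        }
    });

    builder.Use((context, next) => Task.FromResult<object>(null));

    var app = (AppFunc)builder.Build(typeof(AppFunc));

    IOwinRequest request = CreateRequest("http://localhost/sample");
    if (requestOrigin != "header_not_set")
    {
        request.Headers.Set(CorsConstants.Origin, requestOrigin);
    }
    app(request.Environment).Wait();

    var response = new OwinResponse(request.Environment);

    // Use the shared constant, as the other tests here do, instead of a hand-typed header name.
    string origin = response.Headers.Get(CorsConstants.AccessControlAllowOrigin);

    Assert.Equal(200, response.StatusCode);
    Assert.Equal(expectedOrigin, origin);
}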