public async Task DefaultAccessControlAllowOriginHeaderToAsterisk()
{
var middleware = new HttpCorsMiddleware();
var previousResponse = new APIGatewayProxyResponse();
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Headers.Should().Contain("Access-Control-Allow-Origin", "*");
}
public async Task UseOriginSpecifiedInOptions()
{
var middleware = new HttpCorsMiddleware(new CorsOptions {
Origin = "http://example.com"
});
var previousResponse = new APIGatewayProxyResponse();
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Headers.Should().Contain("Access-Control-Allow-Origin", "http://example.com");
}
public async Task NotChangeAnythingIfHttpMethodIsNotPresentInTheRequest()
{
var middleware = new HttpCorsMiddleware(new CorsOptions());
var previousResponse = new APIGatewayProxyResponse();
request.HttpMethod = string.Empty;
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Should().Be(previousResponse);
}
public async Task SetAccessControlMaxAgeHeaderIfPresentInConfig()
{
var middleware = new HttpCorsMiddleware(new CorsOptions
{
MaxAge = "3600"
});
var previousResponse = new APIGatewayProxyResponse();
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Headers.Should().Contain("Access-Control-Max-Age", "3600");
}
public async Task ReturnFirstOriginAsDefaultIfNoMatch(string headerName)
{
var middleware = new HttpCorsMiddleware(new CorsOptions {
Origins = new[] { "http://example.com", "http://another-example.com" }
});
var previousResponse = new APIGatewayProxyResponse();
request.Headers.Add(headerName, "http://yet-another-example.com");
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Headers.Should().Contain("Access-Control-Allow-Origin", "http://example.com");
}
public async Task UseChangeCredentialsAsSpecifiedInOptions(bool configValue, string expectedHeader)
{
var middleware = new HttpCorsMiddleware(new CorsOptions
{
Credentials = configValue
});
var previousResponse = new APIGatewayProxyResponse();
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Headers.Should().Contain("Access-Control-Allow-Origin", "*");
response.Headers.Should().Contain("Access-Control-Allow-Credentials", expectedHeader);
}
public async Task NotOverrideAlreadyDeclaredAccessControlAllowOriginHeader()
{
var middleware = new HttpCorsMiddleware();
var previousResponse = new APIGatewayProxyResponse
{
Headers = new Dictionary <string, string>
{
{ "Access-Control-Allow-Origin", "http://example.com" }
}
};
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Headers.Should().Contain("Access-Control-Allow-Origin", "http://example.com");
}
public async Task NotOverwriteAccessControlMaxAgeHeaderIfAlreadySet()
{
var middleware = new HttpCorsMiddleware(new CorsOptions
{
MaxAge = "3600"
});
var previousResponse = new APIGatewayProxyResponse
{
Headers = new Dictionary <string, string>
{
{ "Access-Control-Max-Age", "-1" }
}
};
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Headers.Should().Contain("Access-Control-Max-Age", "-1");
}
public async Task SetCacheControlHeaderIfPresentInConfigAndHttpMethodIsOptions(string configValue, string httpMethod, string expectedHeader)
{
var middleware = new HttpCorsMiddleware(new CorsOptions
{
CacheControl = configValue
});
var previousResponse = new APIGatewayProxyResponse();
request.HttpMethod = httpMethod;
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Headers.Should().Contain("Access-Control-Allow-Origin", "*");
if (!string.IsNullOrWhiteSpace(expectedHeader))
{
response.Headers.Should().Contain("Cache-Control", expectedHeader);
}
}
public async Task NotOverrideAlreadyDeclaredAccessControlAllowCredentialsHeader(string incomingHeader,
bool configValue)
{
var middleware = new HttpCorsMiddleware(new CorsOptions
{
Credentials = configValue
});
var previousResponse = new APIGatewayProxyResponse
{
Headers = new Dictionary <string, string>
{
{ "Access-Control-Allow-Credentials", incomingHeader }
}
};
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Headers.Should().Contain("Access-Control-Allow-Origin", "*");
response.Headers.Should().Contain("Access-Control-Allow-Credentials", incomingHeader);
}
public async Task NotOverwriteCacheControlHeaderIfAlreadySet()
{
var middleware = new HttpCorsMiddleware(new CorsOptions
{
CacheControl = "max-age=3600, s-maxage=3600, proxy-revalidate"
});
var previousResponse = new APIGatewayProxyResponse
{
Headers = new Dictionary <string, string>
{
{ "Cache-Control", "max-age=1200" }
}
};
request.HttpMethod = "OPTIONS";
await middleware.Before(request, context);
var response = await middleware.After(previousResponse, context);
response.Headers.Should().Contain("Access-Control-Allow-Origin", "*");
response.Headers.Should().Contain("Cache-Control", "max-age=1200");
}
