/// <summary>
/// A request built with <c>origin: null</c> must not be granted an allowed origin,
/// and the result must not be marked as varying by origin.
/// </summary>
public void EvaluatePolicy_NoOrigin_ReturnsInvalidResult()
{
    // Arrange: default policy, GET request without an origin value.
    var emptyPolicy = new CorsPolicy();
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext("GET", origin: null);

    // Act
    var outcome = service.EvaluatePolicy(context, emptyPolicy);

    // Assert: nothing is granted when there is no origin to evaluate.
    Assert.Null(outcome.AllowedOrigin);
    Assert.False(outcome.VaryByOrigin);
}
/// <summary>
/// A policy that lists no origins must deny by default: a request carrying an origin
/// gets no allowed origin back.
/// </summary>
public void EvaluatePolicy_EmptyOriginsPolicy_ReturnsInvalidResult()
{
    // Arrange: the policy is left empty on purpose (no Origins entries).
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(origin: "http://example.com");
    var emptyPolicy = new CorsPolicy();

    // Act
    var outcome = service.EvaluatePolicy(context, emptyPolicy);

    // Assert: an empty allow-list grants nothing.
    Assert.Null(outcome.AllowedOrigin);
    Assert.False(outcome.VaryByOrigin);
}
/// <summary>
/// With the any-origin entry and credentials disabled, the evaluated origin is the
/// literal wildcard rather than the caller's origin.
/// </summary>
public void EvaluatePolicy_AllowAnyOrigin_DoesNotSupportCredentials_EmitsWildcardForOrigin()
{
    // Arrange: credentials are explicitly off, which is the only case where "*" is expected here.
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(origin: "http://example.com");
    var openPolicy = new CorsPolicy
    {
        SupportsCredentials = false,
        Origins = { CorsConstants.AnyOrigin },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, openPolicy);

    // Assert
    Assert.Equal("*", outcome.AllowedOrigin);
}
/// <summary>
/// With the any-origin entry and credentials enabled, the result carries the request's
/// own origin instead of the wildcard, and is flagged as varying by origin.
/// </summary>
/// <remarks>
/// This pins the behaviour of echoing back whatever origin the caller sent while also
/// allowing credentials. A policy configured this way trusts every origin with
/// credentialed cross-origin requests, so deployed policies should list explicit origins
/// whenever <c>SupportsCredentials</c> is true.
/// </remarks>
public void EvaluatePolicy_AllowAnyOrigin_SupportsCredentials_AddsSpecificOrigin()
{
    // Arrange
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(origin: "http://example.com");
    var credentialedPolicy = new CorsPolicy
    {
        SupportsCredentials = true,
        Origins = { CorsConstants.AnyOrigin },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, credentialedPolicy);

    // Assert: the specific origin is returned, never "*", when credentials are allowed.
    Assert.Equal("http://example.com", outcome.AllowedOrigin);

    // VaryByOrigin presumably drives a Vary: Origin response header so that caches do not
    // reuse one origin's response for another; confirm against the middleware.
    Assert.True(outcome.VaryByOrigin);
}
/// <summary>
/// Origin matching is exact: a policy entry of <c>http://Example.com</c> does not match a
/// request origin of <c>http://example.com</c>, and the result stays empty.
/// </summary>
/// <remarks>
/// The name mentions TryValidateOrigin, but the test drives <c>EvaluatePolicy</c>.
/// </remarks>
public void TryValidateOrigin_DoesCaseSensitiveComparison()
{
    // Arrange: policy and request origins differ only in letter case.
    var service = new CorsService(new TestCorsOptions());
    var mixedCasePolicy = new CorsPolicy
    {
        Origins = { "http://Example.com" },
    };
    var context = GetHttpContext(origin: "http://example.com");

    // Act
    var outcome = service.EvaluatePolicy(context, mixedCasePolicy);

    // Assert: the mismatch fails closed, so nothing at all is granted.
    Assert.Empty(outcome.AllowedHeaders);
    Assert.Empty(outcome.AllowedMethods);
    Assert.Empty(outcome.AllowedExposedHeaders);
    Assert.Null(outcome.AllowedOrigin);
}
/// <summary>
/// Intended to show that a policy method of <c>POST</c> is not matched by a requested
/// method of <c>post</c>; the evaluated result is expected to be empty.
/// </summary>
/// <remarks>
/// NOTE(review): the method name is misspelled ("Ealuate"); it is kept unchanged so existing
/// test filters keep matching.
/// NOTE(review): the request is built with <c>origin: null</c> and the policy lists no
/// origins, so the result may well be empty before the method comparison is ever reached.
/// Confirm that this test really exercises method case sensitivity; if not, it gives no
/// coverage for that check.
/// </remarks>
public void EaluatePolicy_DoesCaseSensitiveComparison()
{
    // Arrange: policy allows "POST", request asks for lower-case "post".
    var service = new CorsService(new TestCorsOptions());
    var postOnlyPolicy = new CorsPolicy
    {
        Methods = { "POST" },
    };
    var context = GetHttpContext(origin: null, accessControlRequestMethod: "post");

    // Act
    var outcome = service.EvaluatePolicy(context, postOnlyPolicy);

    // Assert: nothing is granted.
    Assert.Empty(outcome.AllowedHeaders);
    Assert.Empty(outcome.AllowedMethods);
    Assert.Empty(outcome.AllowedExposedHeaders);
    Assert.Null(outcome.AllowedOrigin);
}
/// <summary>
/// A preflight that asks for one listed header and one unlisted header is rejected as a
/// whole: no headers, methods, exposed headers or origin are granted.
/// </summary>
public void EvaluatePolicy_PreflightRequest_HeadersRequested_NotAllHeaderMatches_ReturnsInvalidResult()
{
    // Arrange: "match" is on the policy's header list, "noMatch" is not.
    var service = new CorsService(new TestCorsOptions());
    var requestedHeaders = new[] { "match", "noMatch" };
    var context = GetHttpContext(
        method: "OPTIONS",
        origin: "http://example.com",
        accessControlRequestMethod: "PUT",
        accessControlRequestHeaders: requestedHeaders);
    var headerListPolicy = new CorsPolicy
    {
        Origins = { CorsConstants.AnyOrigin },
        Methods = { "*" },
        Headers = { "match", "foo" },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, headerListPolicy);

    // Assert: a partial header match fails closed and does not grant the matching subset.
    Assert.Empty(outcome.AllowedHeaders);
    Assert.Empty(outcome.AllowedMethods);
    Assert.Empty(outcome.AllowedExposedHeaders);
    Assert.Null(outcome.AllowedOrigin);
}
/// <summary>
/// A preflight requesting <c>content-type</c> and <c>accept</c> against a policy listing
/// <c>foo</c>, <c>bar</c> and <c>Content-Type</c> yields exactly two allowed headers,
/// one of which is Content-Type (compared without regard to case).
/// </summary>
public void EvaluatePolicy_PreflightRequest_HeadersRequested_AllowSomeHeaders_ReturnsSubsetOfListedHeaders()
{
    // Arrange
    var service = new CorsService(new TestCorsOptions());
    var requestedHeaders = new[] { "content-type", "accept" };
    var context = GetHttpContext(
        method: "OPTIONS",
        origin: "http://example.com",
        accessControlRequestMethod: "PUT",
        accessControlRequestHeaders: requestedHeaders);
    var headerListPolicy = new CorsPolicy
    {
        Origins = { CorsConstants.AnyOrigin },
        Methods = { "*" },
        Headers = { "foo", "bar", "Content-Type" },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, headerListPolicy);

    // Assert: "accept" is not on the policy list yet the count is two.
    // NOTE(review): presumably it is admitted as a simple request header; verify in CorsService.
    Assert.Equal(2, outcome.AllowedHeaders.Count);
    Assert.Contains("Content-Type", outcome.AllowedHeaders, StringComparer.OrdinalIgnoreCase);
}
/// <summary>
/// When the policy's header list is the wildcard, a preflight gets back exactly the
/// headers it asked for.
/// </summary>
public void EvaluatePolicy_PreflightRequest_HeadersRequested_AllowAllHeaders_ReturnsRequestedHeaders()
{
    // Arrange
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(
        method: "OPTIONS",
        origin: "http://example.com",
        accessControlRequestMethod: "PUT",
        accessControlRequestHeaders: new[] { "foo", "bar" });
    var anyHeaderPolicy = new CorsPolicy
    {
        Origins = { CorsConstants.AnyOrigin },
        Methods = { "*" },
        Headers = { "*" },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, anyHeaderPolicy);

    // Assert: the requested names are returned; the count check rules out extra entries.
    var allowed = outcome.AllowedHeaders;
    Assert.Equal(2, allowed.Count);
    Assert.Contains("foo", allowed);
    Assert.Contains("bar", allowed);
}
/// <summary>
/// A preflight asking for <c>PUT</c> against a policy listing <c>PUT</c> and
/// <c>DELETE</c> is granted only the requested method, not the whole list.
/// </summary>
public void EvaluatePolicy_PreflightRequest_ListedMethod_ReturnsSubsetOfListedMethods()
{
    // Arrange
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(
        method: "OPTIONS",
        origin: "http://example.com",
        accessControlRequestMethod: "PUT");
    var twoMethodPolicy = new CorsPolicy
    {
        Origins = { CorsConstants.AnyOrigin },
        Methods = { "PUT", "DELETE" },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, twoMethodPolicy);

    // Assert: DELETE must not be included, since it was not requested.
    var allowed = outcome.AllowedMethods;
    Assert.Equal(1, allowed.Count);
    Assert.Contains("PUT", allowed);
}
/// <summary>
/// The policy's <c>PreflightMaxAge</c> is copied unchanged onto the result of a
/// successful preflight evaluation.
/// </summary>
public void EvaluatePolicy_PreflightRequest_PreflightMaxAge_PreflightMaxAgeSet()
{
    // Arrange: a ten second max age configured on the policy.
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(
        method: "OPTIONS",
        origin: "http://example.com",
        accessControlRequestMethod: "PUT");
    var cachingPolicy = new CorsPolicy
    {
        PreflightMaxAge = TimeSpan.FromSeconds(10),
        Origins = { CorsConstants.AnyOrigin },
        Methods = { "*" },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, cachingPolicy);

    // Assert
    Assert.Equal(TimeSpan.FromSeconds(10), outcome.PreflightMaxAge);
}
/// <summary>
/// A preflight evaluated against a policy with <c>SupportsCredentials = true</c> reports
/// credentials support on the result.
/// </summary>
/// <remarks>
/// The policy pairs credentials with the any-origin entry. Only the credentials flag is
/// asserted here; which origin value is returned for that pairing is checked by
/// EvaluatePolicy_AllowAnyOrigin_SupportsCredentials_AddsSpecificOrigin.
/// </remarks>
public void EvaluatePolicy_PreflightRequest_SupportsCredentials_AllowCredentialsReturnsTrue()
{
    // Arrange
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(
        method: "OPTIONS",
        origin: "http://example.com",
        accessControlRequestMethod: "PUT");
    var credentialedPolicy = new CorsPolicy
    {
        SupportsCredentials = true,
        Origins = { CorsConstants.AnyOrigin },
        Methods = { "*" },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, credentialedPolicy);

    // Assert
    Assert.True(outcome.SupportsCredentials);
}
/// <summary>
/// A preflight asking for <c>PUT</c> against a policy that lists only <c>GET</c> is
/// granted no methods.
/// </summary>
/// <remarks>
/// NOTE(review): only <c>AllowedMethods</c> is asserted. The sibling "ReturnsInvalidResult"
/// tests also check that no origin or headers are granted; consider asserting the same here
/// once the expected values are confirmed.
/// </remarks>
public void EvaluatePolicy_PreflightRequest_MethodNotAllowed_ReturnsInvalidResult()
{
    // Arrange
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(
        method: "OPTIONS",
        origin: "http://example.com",
        accessControlRequestMethod: "PUT");
    var getOnlyPolicy = new CorsPolicy
    {
        Origins = { CorsConstants.AnyOrigin },
        Methods = { "GET" },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, getOnlyPolicy);

    // Assert
    Assert.Empty(outcome.AllowedMethods);
}
/// <summary>
/// Every exposed header configured on the policy appears on the result, and no others.
/// </summary>
public void EvaluatePolicy_ManyExposedHeaders_HeadersAllowed()
{
    // Arrange: three exposed headers on an any-origin policy.
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(origin: "http://example.com");
    var exposingPolicy = new CorsPolicy
    {
        Origins = { CorsConstants.AnyOrigin },
        ExposedHeaders = { "foo", "bar", "baz" },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, exposingPolicy);

    // Assert: the count check guards against extra headers being exposed.
    var exposed = outcome.AllowedExposedHeaders;
    Assert.Equal(3, exposed.Count);
    Assert.Contains("foo", exposed);
    Assert.Contains("bar", exposed);
    Assert.Contains("baz", exposed);
}
/// <summary>
/// A policy with no exposed headers configured produces a result that exposes none.
/// </summary>
public void EvaluatePolicy_NoExposedHeaders_NoAllowExposedHeaders()
{
    // Arrange: any-origin policy with ExposedHeaders left untouched.
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(origin: "http://example.com");
    var plainPolicy = new CorsPolicy
    {
        Origins = { CorsConstants.AnyOrigin },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, plainPolicy);

    // Assert
    Assert.Empty(outcome.AllowedExposedHeaders);
}
/// <summary>
/// A request evaluated against a policy with <c>SupportsCredentials = true</c> reports
/// credentials support on the result.
/// </summary>
/// <remarks>
/// Only the credentials flag is asserted; the policy also carries the any-origin entry, and
/// the origin value returned for that pairing is covered by
/// EvaluatePolicy_AllowAnyOrigin_SupportsCredentials_AddsSpecificOrigin.
/// </remarks>
public void EvaluatePolicy_SupportsCredentials_AllowCredentialsReturnsTrue()
{
    // Arrange
    var service = new CorsService(new TestCorsOptions());
    var context = GetHttpContext(origin: "http://example.com");
    var credentialedPolicy = new CorsPolicy
    {
        SupportsCredentials = true,
        Origins = { CorsConstants.AnyOrigin },
    };

    // Act
    var outcome = service.EvaluatePolicy(context, credentialedPolicy);

    // Assert
    Assert.True(outcome.SupportsCredentials);
}