public async Task SendAsync_ReturnsAllowAOrigin(string httpMethod, string expectedOrigin) { HttpConfiguration config = new HttpConfiguration(); config.Routes.MapHttpRoute("default", "{controller}"); HttpServer server = new HttpServer(config); CorsMessageHandler corsHandler = new CorsMessageHandler(config); corsHandler.InnerHandler = server; HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler); HttpRequestMessage request = new HttpRequestMessage( new HttpMethod(httpMethod), "http://localhost/sample" ); request.Headers.Add(CorsConstants.Origin, "http://example.com"); HttpResponseMessage response = await invoker.SendAsync(request, CancellationToken.None); string origin = response.Headers .GetValues("Access-Control-Allow-Origin") .FirstOrDefault(); Assert.Equal(expectedOrigin, origin); }
public void SendAsync_Preflight_ReturnsAllowMethodsAndAllowHeaders(string requestedMethod, string expectedOrigin, string requestedHeaders) { HttpConfiguration config = new HttpConfiguration(); config.Routes.MapHttpRoute("default", "{controller}"); HttpServer server = new HttpServer(config); CorsMessageHandler corsHandler = new CorsMessageHandler(config); corsHandler.InnerHandler = server; HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.SetConfiguration(config); request.Headers.Add(CorsConstants.Origin, "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, requestedMethod); request.Headers.Add(CorsConstants.AccessControlRequestHeaders, requestedHeaders); HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result; string origin = response.Headers.GetValues(CorsConstants.AccessControlAllowOrigin).FirstOrDefault(); string allowMethod = response.Headers.GetValues(CorsConstants.AccessControlAllowMethods).FirstOrDefault(); string[] allowHeaders = response.Headers.GetValues(CorsConstants.AccessControlAllowHeaders).FirstOrDefault().Split(','); string[] requestedHeaderArray = requestedHeaders.Split(','); Assert.Equal(HttpStatusCode.OK, response.StatusCode); Assert.Equal(expectedOrigin, origin); Assert.Equal(requestedMethod, allowMethod); foreach (string requestedHeader in requestedHeaderArray) { Assert.Contains(requestedHeader, allowHeaders); } }
public Task HandleCorsPreflightRequestAsync_NullContext_Throws() { CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration()); return(Assert.ThrowsArgumentNullAsync( () => corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(), null, CancellationToken.None), "corsRequestContext")); }
public void HandleCorsPreflightRequestAsync_NullContext_Throws() { CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration()); Assert.ThrowsArgumentNull(() => { HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(), null, CancellationToken.None).Result; }, "corsRequestContext"); }
public void HandleCorsPreflightRequestAsync_ReturnsBadRequestWhenAccessControlRequestMethodIsInvalid() { CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration()); HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(), new CorsRequestContext { AccessControlRequestMethod = "Get-http://localhost" }, CancellationToken.None).Result; Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode); Assert.Equal("The \"Access-Control-Request-Method\" header value 'Get-http://localhost' is invalid.", response.Content.ReadAsAsync <HttpError>().Result.Message); }
public void HandleCorsPreflightRequestAsync_ReturnsBadRequestWhenAccessControlRequestMethodIsNullOrEmpty(string accessControlRequestMethod) { CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration()); HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(), new CorsRequestContext { AccessControlRequestMethod = accessControlRequestMethod }, CancellationToken.None).Result; Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode); Assert.Equal("The \"Access-Control-Request-Method\" header value cannot be null or empty.", response.Content.ReadAsAsync <HttpError>().Result.Message); }
public void SendAsync_DoesNotAddHeaders_WhenOriginIsMissing() { HttpConfiguration config = new HttpConfiguration(); config.Routes.MapHttpRoute("default", "{controller}"); HttpServer server = new HttpServer(config); CorsMessageHandler corsHandler = new CorsMessageHandler(config); corsHandler.InnerHandler = server; HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/sample"); HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result; Assert.Empty(response.Headers); }
public void SendAsync_ReturnsAllowAOrigin(string httpMethod, string expectedOrigin) { HttpConfiguration config = new HttpConfiguration(); config.Routes.MapHttpRoute("default", "{controller}"); HttpServer server = new HttpServer(config); CorsMessageHandler corsHandler = new CorsMessageHandler(config); corsHandler.InnerHandler = server; HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler); HttpRequestMessage request = new HttpRequestMessage(new HttpMethod(httpMethod), "http://localhost/sample"); request.Headers.Add(CorsConstants.Origin, "http://example.com"); HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result; string origin = response.Headers.GetValues("Access-Control-Allow-Origin").FirstOrDefault(); Assert.Equal(expectedOrigin, origin); }
public async Task SendAsync_Preflight_RethrowsExceptions_WhenRethrowFlagIsTrue() { HttpConfiguration config = new HttpConfiguration(); config.Routes.MapHttpRoute("default", "{controller}"); HttpServer server = new HttpServer(config); CorsMessageHandler corsHandler = new CorsMessageHandler(config, true); corsHandler.InnerHandler = server; HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.SetConfiguration(config); request.Headers.Add(CorsConstants.Origin, "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod"); await Assert.ThrowsAsync <HttpResponseException>(() => invoker.SendAsync(request, CancellationToken.None)); }
public async Task SendAsync_RethrowsExceptions_WhenRethrowFlagIsTrue() { HttpConfiguration config = new HttpConfiguration(); config.Routes.MapHttpRoute("default", "{controller}"); config.Services.Replace(typeof(IExceptionHandler), new PassthroughExceptionHandler()); HttpServer server = new HttpServer(config); CorsMessageHandler corsHandler = new CorsMessageHandler(config, true); corsHandler.InnerHandler = server; HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, "http://localhost/throwing"); request.SetConfiguration(config); request.Headers.Add(CorsConstants.Origin, "http://localhost"); await Assert.ThrowsAsync <Exception>(() => invoker.SendAsync(request, CancellationToken.None)); }
public void SendAsync_HandlesExceptions_ThrownDuringPreflight() { HttpConfiguration config = new HttpConfiguration(); config.Routes.MapHttpRoute("default", "{controller}"); HttpServer server = new HttpServer(config); CorsMessageHandler corsHandler = new CorsMessageHandler(config); corsHandler.InnerHandler = server; HttpMessageInvoker invoker = new HttpMessageInvoker(corsHandler); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Options, "http://localhost/sample"); request.SetConfiguration(config); request.Headers.Add(CorsConstants.Origin, "http://localhost"); request.Headers.Add(CorsConstants.AccessControlRequestMethod, "RandomMethod"); HttpResponseMessage response = invoker.SendAsync(request, CancellationToken.None).Result; Assert.Equal(HttpStatusCode.MethodNotAllowed, response.StatusCode); }
public void HandleCorsPreflightRequestAsync_ReturnsBadRequestWhenAccessControlRequestMethodIsInvalid() { CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration()); HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(), new CorsRequestContext { AccessControlRequestMethod = "Get-http://localhost" }, CancellationToken.None).Result; Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode); Assert.Equal("The \"Access-Control-Request-Method\" header value 'Get-http://localhost' is invalid.", response.Content.ReadAsAsync<HttpError>().Result.Message); }
public void HandleCorsPreflightRequestAsync_ReturnsBadRequestWhenAccessControlRequestMethodIsNullOrEmpty(string accessControlRequestMethod) { CorsMessageHandler corsHandler = new CorsMessageHandler(new HttpConfiguration()); HttpResponseMessage response = corsHandler.HandleCorsPreflightRequestAsync(new HttpRequestMessage(), new CorsRequestContext { AccessControlRequestMethod = accessControlRequestMethod }, CancellationToken.None).Result; Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode); Assert.Equal("The \"Access-Control-Request-Method\" header value cannot be null or empty.", response.Content.ReadAsAsync<HttpError>().Result.Message); }