Latest
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148// Copyright 2019-2020 Yusuke Sakurai. All rights reserved. MIT license.import { group } from "../_test_util.ts";import { createRecorder } from "../testing.ts";import { cors } from "./cors.ts";import { assertEquals } from "../vendor/https/deno.land/std/testing/asserts.ts";group("cors", (t) => { t.test("basic", async () => { const r = createRecorder({ method: "OPTIONS", headers: new Headers({ "origin": "https://servestjs.org", "access-control-request-method": "GET", "access-control-request-headers": "x-servest-version", }), }); const m = cors({ origin: "https://servestjs.org", methods: ["GET", "HEAD"], allowedHeaders: ["x-servest-version", "x-deno-version"], exposedHeaders: ["x-node-version"], withCredentials: true, maxAge: 100, }); await m(r); const resp = await r.response(); assertEquals(resp.status, 204); assertEquals( resp.headers.get("access-control-allow-origin"), "https://servestjs.org", ); assertEquals( resp.headers.get("access-control-allow-methods"), "GET", ); assertEquals( resp.headers.get("access-control-allow-headers"), "x-servest-version", ); assertEquals( resp.headers.get("access-control-allow-credentials"), "true", ); assertEquals( resp.headers.get("access-control-max-age"), "100", ); });
t.test("shouldn't respond if method is not OPTIONS", () => { const m = cors({ origin: "*" }); const r = createRecorder(); m(r); assertEquals(r.isResponded(), false); assertEquals(r.responseHeaders.has("access-control-allow-origin"), false); });
t.test("shouldn't respond if origin isn't sent", async () => { const m = cors({ origin: "*" }); const r = createRecorder({ method: "OPTIONS" }); m(r); assertEquals(r.isResponded(), false); assertEquals(r.responseHeaders.has("access-control-allow-origin"), false); });
t.test("shouldn't allow if origin is not verified", async () => { const m = cors({ origin: "https://servestjs.org" }); const r = createRecorder({ method: "OPTIONS", headers: new Headers({ "origin": "https://deno.land", }), }); m(r); assertEquals(r.isResponded(), false); assertEquals(r.responseHeaders.has("access-control-allow-origin"), false); });
t.test("wildcard", async () => { const m = cors({ origin: "*" }); const r = createRecorder({ method: "OPTIONS", headers: new Headers({ "origin": "https://servestjs.org", }), }); await m(r); assertEquals(r.respondedStatus(), 204); assertEquals(r.responseHeaders.get("access-control-allow-origin"), "*"); });
t.test("verifiers", async () => { for ( const origin of [ "https://servestjs.org", /servestjs.org/, (f: string) => { return f === "https://servestjs.org"; }, ["https://deno.land", "https://servestjs.org"], ] ) { const m = cors({ origin }); const r = createRecorder({ method: "OPTIONS", headers: new Headers({ "origin": "https://servestjs.org", }), }); await m(r); assertEquals(r.respondedStatus(), 204); assertEquals( r.responseHeaders.get("access-control-allow-origin"), "https://servestjs.org", ); } });
t.test("Should respond the correct access-control-allow-origin header on other methods", async () => { const m = cors({ origin: "*" }); const r = createRecorder({ method: "POST", headers: new Headers({ "origin": "https://servestjs.org", }), }); await m(r); assertEquals(r.responseHeaders.get("access-control-allow-origin"), "*"); });
t.test("Should respond the correct access-control-expose-headers header on other methods", async () => { const m = cors({ origin: "*", exposedHeaders: ["x-node-version"], }); const r = createRecorder({ method: "POST", headers: new Headers({ "origin": "https://servestjs.org", }), }); await m(r); assertEquals( r.responseHeaders.get("access-control-expose-headers"), "x-node-version", ); });});