TheCloud/v
1
0
Fork 0
mirror of https://github.com/vlang/v.git synced 2025-08-03 17:57:59 -04:00
Code Issues Packages Projects Releases Wiki Activity
v/vlib/veb/tests/cors_regression_test.v

160 lines
3.5 KiB
V
Raw Permalink Blame History

import veb
import net.http
import time
import os
const base_port = 13013
const exit_after = time.second * 10
const allowed_origin = 'https://vlang.io'
fn get_port_and_url(test_number int) (int, string) {
p := base_port + test_number
return p, 'http://localhost:${p}'
}
pub struct Context {
veb.Context
}
pub struct App {
veb.Middleware[Context]
mut:
started chan bool
}
pub fn (mut app App) before_accept_loop() {
app.started <- true
}
pub fn (app &App) index(mut ctx Context) veb.Result {
return ctx.text('index')
}
fn setup(port int, o veb.CorsOptions) ! {
os.chdir(os.dir(@FILE))!
go fn () {
time.sleep(exit_after)
assert false, 'timeout reached!'
exit(1)
}()
mut app := &App{}
app.use(veb.cors[Context](o))
go veb.run_at[App, Context](mut app, port: port, timeout_in_seconds: 2)
// app startup time
_ := <-app.started
}
fn test_no_user_provided_allowed_headers() {
port, localserver := get_port_and_url(1)
setup(port, veb.CorsOptions{
origins: [allowed_origin]
})!
x := http.fetch(http.FetchConfig{
url: localserver
method: http.Method.options
header: http.new_header_from_map({
http.CommonHeader.origin: allowed_origin
})
})!
assert x.status() == http.Status.ok
if header := x.header.get(.access_control_allow_headers) {
assert false, 'Header should not be set'
}
}
fn test_user_provided_allowed_header() {
port, localserver := get_port_and_url(2)
setup(port, veb.CorsOptions{
origins: [allowed_origin]
allowed_headers: ['content-type']
})!
x := http.fetch(http.FetchConfig{
url: localserver
method: http.Method.options
header: http.new_header_from_map({
http.CommonHeader.origin: allowed_origin
})
})!
assert x.status() == http.Status.ok
if header := x.header.get(.access_control_allow_headers) {
assert header == 'content-type'
} else {
assert false, 'Header not set'
}
}
fn test_user_provided_allowed_header_wildcard() {
port, localserver := get_port_and_url(3)
setup(port, veb.CorsOptions{
origins: [allowed_origin]
allowed_headers: ['*']
})!
x := http.fetch(http.FetchConfig{
url: localserver
method: http.Method.options
header: http.new_header_from_map({
http.CommonHeader.origin: allowed_origin
})
})!
assert x.status() == http.Status.ok
if header := x.header.get(.access_control_allow_headers) {
assert header == '*'
} else {
assert false, 'Header not set'
}
}
fn test_request_has_access_control_request_headers() {
port, localserver := get_port_and_url(4)
setup(port, veb.CorsOptions{
origins: [allowed_origin]
})!
x := http.fetch(http.FetchConfig{
url: localserver
method: http.Method.options
header: http.new_header_from_map({
http.CommonHeader.origin: allowed_origin
http.CommonHeader.access_control_request_headers: 'any-value'
})
})!
assert x.status() == http.Status.ok
if header := x.header.get(http.CommonHeader.access_control_allow_headers) {
assert header == veb.cors_safelisted_response_headers
} else {
assert false, 'Header not set'
}
}
fn test_allow_credentials_non_preflight() {
port, localserver := get_port_and_url(5)
setup(port, veb.CorsOptions{
origins: [allowed_origin]
allowed_methods: [http.Method.get]
allow_credentials: true
})!
x := http.fetch(http.FetchConfig{
url: localserver
header: http.new_header_from_map({
http.CommonHeader.origin: allowed_origin
})
})!
assert x.status() == http.Status.ok
if header := x.header.get(http.CommonHeader.access_control_allow_credentials) {
assert header == 'true'
} else {
assert false, 'Header not set'
}
}
Reference in New Issue View Git Blame Copy Permalink