msrd0/deprecated-gotham-restful
1
0
Fork 0
mirror of https://gitlab.com/msrd0/gotham-restful.git synced 2025-05-09 16:10:42 +00:00
Code Issues Releases Activity Actions

support copying headers in cors preflight requests

Browse source
This commit is contained in:
Dominic 2021-01-01 16:44:55 +01:00
parent b005346e54
commit 766bc9d17d
Signed by: msrd0
GPG key ID: DCC8C247452E98F9
5 changed files with 188 additions and 47 deletions
Download patch file Download diff file Expand all files Collapse all files

111
tests/cors_handling.rs
View file

@ -5,8 +5,11 @@ use gotham::{
router::builder::*,
test::{Server, TestRequest, TestServer}
};
use gotham_restful::{change_all, read_all, CorsConfig, DrawResources, Origin, Raw, Resource};
use itertools::Itertools;
use gotham_restful::{
change_all,
cors::{Headers, Origin},
read_all, CorsConfig, DrawResources, Raw, Resource
};
use mime::TEXT_PLAIN;
#[derive(Resource)]
@ -35,7 +38,7 @@ where
.unwrap();
assert_eq!(res.status(), StatusCode::NO_CONTENT);
let headers = res.headers();
println!("{}", headers.keys().join(","));
println!("{}", headers.keys().map(|name| name.as_str()).collect::<Vec<_>>().join(","));
assert_eq!(
headers
.get(ACCESS_CONTROL_ALLOW_ORIGIN)
@ -65,7 +68,7 @@ fn test_preflight(server: &TestServer, method: &str, origin: Option<&str>, vary:
.unwrap();
assert_eq!(res.status(), StatusCode::NO_CONTENT);
let headers = res.headers();
println!("{}", headers.keys().join(","));
println!("{}", headers.keys().map(|name| name.as_str()).collect::<Vec<_>>().join(","));
assert_eq!(
headers
.get(ACCESS_CONTROL_ALLOW_METHODS)
@ -98,12 +101,45 @@ fn test_preflight(server: &TestServer, method: &str, origin: Option<&str>, vary:
);
}
fn test_preflight_headers(
server: &TestServer,
method: &str,
request_headers: Option<&str>,
allowed_headers: Option<&str>,
vary: &str
) {
let client = server.client();
let mut res = client
.options("http://example.org/foo")
.with_header(ACCESS_CONTROL_REQUEST_METHOD, method.parse().unwrap())
.with_header(ORIGIN, "http://example.org".parse().unwrap());
if let Some(hdr) = request_headers {
res = res.with_header(ACCESS_CONTROL_REQUEST_HEADERS, hdr.parse().unwrap());
}
let res = res.perform().unwrap();
assert_eq!(res.status(), StatusCode::NO_CONTENT);
let headers = res.headers();
println!("{}", headers.keys().map(|name| name.as_str()).collect::<Vec<_>>().join(","));
if let Some(hdr) = allowed_headers {
assert_eq!(
headers
.get(ACCESS_CONTROL_ALLOW_HEADERS)
.and_then(|value| value.to_str().ok())
.as_deref(),
Some(hdr)
)
} else {
assert!(!headers.contains_key(ACCESS_CONTROL_ALLOW_HEADERS));
}
assert_eq!(headers.get(VARY).and_then(|value| value.to_str().ok()).as_deref(), Some(vary));
}
#[test]
fn cors_origin_none() {
let cfg = Default::default();
let server = test_server(cfg);
test_preflight(&server, "PUT", None, "Access-Control-Request-Method", false, 0);
test_preflight(&server, "PUT", None, "access-control-request-method", false, 0);
test_response(server.client().get("http://example.org/foo"), None, None, false);
test_response(
@ -122,7 +158,7 @@ fn cors_origin_star() {
};
let server = test_server(cfg);
test_preflight(&server, "PUT", Some("*"), "Access-Control-Request-Method", false, 0);
test_preflight(&server, "PUT", Some("*"), "access-control-request-method", false, 0);
test_response(server.client().get("http://example.org/foo"), Some("*"), None, false);
test_response(
@ -145,7 +181,7 @@ fn cors_origin_single() {
&server,
"PUT",
Some("https://foo.com"),
"Access-Control-Request-Method",
"access-control-request-method",
false,
0
);
@ -176,7 +212,7 @@ fn cors_origin_copy() {
&server,
"PUT",
Some("http://example.org"),
"Access-Control-Request-Method,Origin",
"access-control-request-method,origin",
false,
0
);
@ -184,17 +220,68 @@ fn cors_origin_copy() {
test_response(
server.client().get("http://example.org/foo"),
Some("http://example.org"),
Some("Origin"),
Some("origin"),
false
);
test_response(
server.client().put("http://example.org/foo", Body::empty(), TEXT_PLAIN),
Some("http://example.org"),
Some("Origin"),
Some("origin"),
false
);
}
#[test]
fn cors_headers_none() {
let cfg = Default::default();
let server = test_server(cfg);
test_preflight_headers(&server, "PUT", None, None, "access-control-request-method");
test_preflight_headers(&server, "PUT", Some("Content-Type"), None, "access-control-request-method");
}
#[test]
fn cors_headers_list() {
let cfg = CorsConfig {
headers: Headers::List(vec![CONTENT_TYPE]),
..Default::default()
};
let server = test_server(cfg);
test_preflight_headers(&server, "PUT", None, Some("content-type"), "access-control-request-method");
test_preflight_headers(
&server,
"PUT",
Some("content-type"),
Some("content-type"),
"access-control-request-method"
);
}
#[test]
fn cors_headers_copy() {
let cfg = CorsConfig {
headers: Headers::Copy,
..Default::default()
};
let server = test_server(cfg);
test_preflight_headers(
&server,
"PUT",
None,
None,
"access-control-request-method,access-control-request-headers"
);
test_preflight_headers(
&server,
"PUT",
Some("content-type"),
Some("content-type"),
"access-control-request-method,access-control-request-headers"
);
}
#[test]
fn cors_credentials() {
let cfg = CorsConfig {
@ -204,7 +291,7 @@ fn cors_credentials() {
};
let server = test_server(cfg);
test_preflight(&server, "PUT", None, "Access-Control-Request-Method", true, 0);
test_preflight(&server, "PUT", None, "access-control-request-method", true, 0);
test_response(server.client().get("http://example.org/foo"), None, None, true);
test_response(
@ -224,7 +311,7 @@ fn cors_max_age() {
};
let server = test_server(cfg);
test_preflight(&server, "PUT", None, "Access-Control-Request-Method", false, 31536000);
test_preflight(&server, "PUT", None, "access-control-request-method", false, 31536000);
test_response(server.client().get("http://example.org/foo"), None, None, false);
test_response(