diff options
author | Christopher Speller <crspeller@gmail.com> | 2017-11-13 09:09:58 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-11-13 09:09:58 -0800 |
commit | 1329aa51b605cb54ba9aae3a82a0a87b881fb7b3 (patch) | |
tree | 93cbf354ab894a560fc2cef8ef685d681b4ff889 /vendor/github.com/gorilla/handlers/cors_test.go | |
parent | 7304a61ef597970be3031b14e652fb3a4df44304 (diff) | |
download | chat-1329aa51b605cb54ba9aae3a82a0a87b881fb7b3.tar.gz chat-1329aa51b605cb54ba9aae3a82a0a87b881fb7b3.tar.bz2 chat-1329aa51b605cb54ba9aae3a82a0a87b881fb7b3.zip |
Updating server dependancies. (#7816)
Diffstat (limited to 'vendor/github.com/gorilla/handlers/cors_test.go')
-rw-r--r-- | vendor/github.com/gorilla/handlers/cors_test.go | 37 |
1 files changed, 36 insertions, 1 deletions
diff --git a/vendor/github.com/gorilla/handlers/cors_test.go b/vendor/github.com/gorilla/handlers/cors_test.go index c63913eee..61eb18f77 100644 --- a/vendor/github.com/gorilla/handlers/cors_test.go +++ b/vendor/github.com/gorilla/handlers/cors_test.go @@ -327,10 +327,45 @@ func TestCORSHandlerWithCustomValidator(t *testing.T) { return false } - CORS(AllowedOriginValidator(originValidator))(testHandler).ServeHTTP(rr, r) + // Specially craft a CORS object. + handleFunc := func(h http.Handler) http.Handler { + c := &cors{ + allowedMethods: defaultCorsMethods, + allowedHeaders: defaultCorsHeaders, + allowedOrigins: []string{"http://a.example.com"}, + h: h, + } + AllowedOriginValidator(originValidator)(c) + return c + } + + handleFunc(testHandler).ServeHTTP(rr, r) header := rr.HeaderMap.Get(corsAllowOriginHeader) if header != r.URL.String() { t.Fatalf("bad header: expected %s to be %s, got %s.", corsAllowOriginHeader, r.URL.String(), header) } } + +func TestCORSAllowStar(t *testing.T) { + r := newRequest("GET", "http://a.example.com") + r.Header.Set("Origin", r.URL.String()) + rr := httptest.NewRecorder() + + testHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {}) + originValidator := func(origin string) bool { + if strings.HasSuffix(origin, ".example.com") { + return true + } + return false + } + + CORS(AllowedOriginValidator(originValidator))(testHandler).ServeHTTP(rr, r) + header := rr.HeaderMap.Get(corsAllowOriginHeader) + // Because * is the default CORS policy (which is safe), we should be + // expect a * returned here as the Access Control Allow Origin header + if header != "*" { + t.Fatalf("bad header: expected %s to be %s, got %s.", corsAllowOriginHeader, r.URL.String(), header) + } + +} |