func TestPreflightRequest(t *testing.T) {
req, _ := http.NewRequest("OPTIONS", "/", nil)
w := httptest.NewRecorder()
req.Header.Set(OriginKey, "http://files.testing.com")
req.Header.Set(RequestMethodKey, "GET")
req.Header.Set(RequestHeadersKey, "Content-Type")
req.Header.Set(RequestHeadersKey, "accept")
router := gin.New()
router.Use(Middleware(config))
router.ServeHTTP(w, req)
if w.Header().Get(AllowMethodsKey) != "GET, POST" {
t.Fatal("Mismatch of methods.")
}
if w.Header().Get(AllowHeadersKey) != "Authorization, Content-Type, Accept" {
t.Fatal("Mismatch of headers.")
}
if w.Header().Get(MaxAgeKey) != "60" {
t.Fatal("Incorrect max age.")
}
if w.Header().Get(AllowOriginKey) != "http://files.testing.com" {
t.Fatal("Incorrect origin.")
}
if w.Header().Get(AllowCredentialsKey) != "true" {
t.Fatal("Incorrect credentials value")
}
}
func TestForceOrigin(t *testing.T) {
req, _ := http.NewRequest("GET", "/", nil)
w := httptest.NewRecorder()
req.Header.Set("Origin", "http://localhost")
router := gin.New()
router.Use(Middleware(config))
router.ServeHTTP(w, req)
if w.Header().Get(AllowOriginKey) == "" {
t.Fatal("Origin always matches, this header should be set.")
}
}
func TestNoOrigin(t *testing.T) {
req, _ := http.NewRequest("GET", "/", nil)
w := httptest.NewRecorder()
router := gin.New()
router.Use(Middleware(Config{
Origins: "http://testing.com",
}))
router.ServeHTTP(w, req)
if w.Header().Get(AllowOriginKey) != "" {
t.Fatal("This should not match.")
}
}
func TestMatchOrigin(t *testing.T) {
req, _ := http.NewRequest("GET", "/", nil)
w := httptest.NewRecorder()
req.Header.Set("Origin", "http://files.testing.com")
router := gin.New()
router.Use(Middleware(Config{
Origins: "http://files.testing.com",
}))
router.ServeHTTP(w, req)
if w.Header().Get(AllowOriginKey) == "" {
t.Fatal("Origin matches, this header should be set.")
}
}
func TestPreflightMethodMismatch(t *testing.T) {
req, _ := http.NewRequest("OPTIONS", "/", nil)
w := httptest.NewRecorder()
req.Header.Set(OriginKey, "http://files.testing.com")
req.Header.Set(RequestMethodKey, "PUT")
router := gin.New()
router.Use(Middleware(config))
router.ServeHTTP(w, req)
if w.Header().Get(AllowOriginKey) != "" {
t.Fatal("Cors headers should not be set.")
}
}
func ExampleMiddleware() {
// Initialize the gin-gonic router
router := gin.New()
// Set up CORS middleware options
config := cors.Config{
Origins: "*",
RequestHeaders: "Authorization",
Methods: "GET, POST, PUT",
Credentials: true,
ValidateHeaders: false,
MaxAge: 1 * time.Minute,
}
// Apply the middleware to the router (works on groups too)
router.Use(cors.Middleware(config))
}
func TestGzipPNG(t *testing.T) {
req, _ := http.NewRequest("GET", "/image.png", nil)
req.Header.Add("Accept-Encoding", "gzip")
router := gin.New()
router.Use(Gzip(DefaultCompression))
router.GET("/image.png", func(c *gin.Context) {
c.String(200, "this is a PNG!")
})
w := httptest.NewRecorder()
router.ServeHTTP(w, req)
assert.Equal(t, w.Code, 200)
assert.Equal(t, w.Header().Get("Content-Encoding"), "")
assert.Equal(t, w.Header().Get("Vary"), "")
assert.Equal(t, w.Body.String(), "this is a PNG!")
}
func TestForceOriginCredentails(t *testing.T) {
req, _ := http.NewRequest("GET", "/", nil)
w := httptest.NewRecorder()
req.Header.Set("Origin", "http://localhost")
router := gin.New()
router.Use(Middleware(Config{
Origins: "http://localhost",
ValidateHeaders: true,
Credentials: false,
RequestHeaders: "Authorization, Content-Type, Accept",
ExposedHeaders: "Authorization",
Methods: "GET, POST",
MaxAge: 1 * time.Minute,
}))
router.ServeHTTP(w, req)
if w.Header().Get(AllowOriginKey) != "http://localhost" {
t.Fatal("Improper Origin is set.")
}
}
