func Benchmark_WithoutCORS(b *testing.B) {
recorder := httptest.NewRecorder()
m := martini.New()
b.ResetTimer()
for i := 0; i < b.N; i++ {
r, _ := http.NewRequest("PUT", "foo", nil)
m.ServeHTTP(recorder, r)
}
}
func Test_AllowAll(t *testing.T) {
recorder := httptest.NewRecorder()
m := martini.New()
m.Use(Allow(&Options{
AllowAllOrigins: true,
}))
r, _ := http.NewRequest("PUT", "foo", nil)
m.ServeHTTP(recorder, r)
if recorder.HeaderMap.Get(headerAllowOrigin) != "*" {
t.Errorf("Allow-Origin header should be *")
}
}
func Test_DefaultAllowHeaders(t *testing.T) {
recorder := httptest.NewRecorder()
m := martini.New()
m.Use(Allow(&Options{
AllowAllOrigins: true,
}))
r, _ := http.NewRequest("PUT", "foo", nil)
m.ServeHTTP(recorder, r)
headersVal := recorder.HeaderMap.Get(headerAllowHeaders)
if headersVal != "Origin,Accept,Content-Type,Authorization" {
t.Errorf("Allow-Headers is expected to be Origin,Accept,Content-Type,Authorization; found %v", headersVal)
}
}
func Test_AllowRegexNoMatch(t *testing.T) {
recorder := httptest.NewRecorder()
m := martini.New()
m.Use(Allow(&Options{
AllowOrigins: []string{"https://*.foo.com"},
}))
origin := "https://ww.foo.com.evil.com"
r, _ := http.NewRequest("PUT", "foo", nil)
r.Header.Add("Origin", origin)
m.ServeHTTP(recorder, r)
headerValue := recorder.HeaderMap.Get(headerAllowOrigin)
if headerValue != "" {
t.Errorf("Allow-Origin header should not exist, found %v", headerValue)
}
}
func Benchmark_WithCORS(b *testing.B) {
recorder := httptest.NewRecorder()
m := martini.New()
m.Use(Allow(&Options{
AllowAllOrigins: true,
AllowCredentials: true,
AllowMethods: []string{"PATCH", "GET"},
AllowHeaders: []string{"Origin", "X-whatever"},
MaxAge: 5 * time.Minute,
}))
b.ResetTimer()
for i := 0; i < b.N; i++ {
r, _ := http.NewRequest("PUT", "foo", nil)
m.ServeHTTP(recorder, r)
}
}
func Test_OtherHeaders(t *testing.T) {
recorder := httptest.NewRecorder()
m := martini.New()
m.Use(Allow(&Options{
AllowAllOrigins: true,
AllowCredentials: true,
AllowMethods: []string{"PATCH", "GET"},
AllowHeaders: []string{"Origin", "X-whatever"},
ExposeHeaders: []string{"Content-Length", "Hello"},
MaxAge: 5 * time.Minute,
}))
r, _ := http.NewRequest("PUT", "foo", nil)
m.ServeHTTP(recorder, r)
credentialsVal := recorder.HeaderMap.Get(headerAllowCredentials)
methodsVal := recorder.HeaderMap.Get(headerAllowMethods)
headersVal := recorder.HeaderMap.Get(headerAllowHeaders)
exposedHeadersVal := recorder.HeaderMap.Get(headerExposeHeaders)
maxAgeVal := recorder.HeaderMap.Get(headerMaxAge)
if credentialsVal != "true" {
t.Errorf("Allow-Credentials is expected to be true, found %v", credentialsVal)
}
if methodsVal != "PATCH,GET" {
t.Errorf("Allow-Methods is expected to be PATCH,GET; found %v", methodsVal)
}
if headersVal != "Origin,X-whatever" {
t.Errorf("Allow-Headers is expected to be Origin,X-whatever; found %v", headersVal)
}
if exposedHeadersVal != "Content-Length,Hello" {
t.Errorf("Expose-Headers are expected to be Content-Length,Hello. Found %v", exposedHeadersVal)
}
if maxAgeVal != "300" {
t.Errorf("Max-Age is expected to be 300, found %v", maxAgeVal)
}
}
