func TestDisallowedHeader(t *testing.T) {
s := ctxcors.New(
ctxcors.WithLogger(log.NewBlackHole()),
ctxcors.WithAllowedOrigins("http://foobar.com"),
ctxcors.WithAllowedHeaders("X-Header-1", "x-header-2"),
)
res := httptest.NewRecorder()
req, _ := http.NewRequest("OPTIONS", "http://example.com/foo", nil)
req.Header.Add("Origin", "http://foobar.com")
req.Header.Add("Access-Control-Request-Method", "GET")
req.Header.Add("Access-Control-Request-Headers", "X-Header-3, X-Header-1")
s.WithCORS()(testHandler).ServeHTTPContext(context.Background(), res, req)
assertHeaders(t, res.Header(), map[string]string{
"Vary": "Origin, Access-Control-Request-Method, Access-Control-Request-Headers",
"Access-Control-Allow-Origin": "",
"Access-Control-Allow-Methods": "",
"Access-Control-Allow-Headers": "",
"Access-Control-Allow-Credentials": "",
"Access-Control-Max-Age": "",
"Access-Control-Expose-Headers": "",
})
}
func BenchmarkAllowedOrigin(b *testing.B) {
res := FakeResponse{http.Header{}}
req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
req.Header.Add("Origin", "somedomain.com")
handler := ctxcors.New(ctxcors.WithAllowedOrigins("somedomain.com")).WithCORS()(testHandler)
ctx := context.Background()
b.ReportAllocs()
b.ResetTimer()
for i := 0; i < b.N; i++ {
if err := handler(ctx, res, req); err != nil {
b.Fatal(err)
}
}
}
func TestMatchAllOrigin(t *testing.T) {
s := ctxcors.New(
ctxcors.WithAllowedOrigins("*"),
ctxcors.WithLogger(log.NewBlackHole()),
)
res := httptest.NewRecorder()
req, _ := http.NewRequest("GET", "http://example.com/foo", nil)
req.Header.Add("Origin", "http://foobar.com")
s.WithCORS()(testHandler)(context.Background(), res, req)
assertHeaders(t, res.Header(), map[string]string{
"Vary": "Origin",
"Access-Control-Allow-Origin": "http://foobar.com",
"Access-Control-Allow-Methods": "",
"Access-Control-Allow-Headers": "",
"Access-Control-Allow-Credentials": "",
"Access-Control-Max-Age": "",
"Access-Control-Expose-Headers": "",
})
}