-
Notifications
You must be signed in to change notification settings - Fork 48
/
cors.js
41 lines (39 loc) · 1.91 KB
/
cors.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
var request = require('request')
var test = require('tap').test
var startServerTest = require('../lib/start-server-test')
startServerTest(test, 'setting CORS headers', function (t, env_config, end) {
t.test('should respond to OPTIONS with the right CORS headers when no origin is given', function (tt) {
request.get(env_config.www_link + '/_api/_session/', {
headers: {
'transfer-encoding': 'chunked'
}
}, function (error, res) {
if (error) throw error
tt.is(res.headers['access-control-allow-origin'], '*')
tt.is(res.headers['access-control-allow-headers'], 'authorization, content-length, content-type, if-match, if-none-match, origin, x-requested-with, transfer-encoding, host, connection')
tt.is(res.headers['access-control-expose-headers'], 'content-type, content-length, etag')
tt.is(res.headers['access-control-allow-methods'], 'GET, PUT, POST, DELETE')
tt.is(res.headers['access-control-allow-credentials'], 'true')
tt.is(res.statusCode, 200)
tt.end()
})
})
t.test('should echo the origin back if one is given', function (tt) {
request.get(env_config.www_link + '/_api/_session/', {
headers: {
origin: 'http://some.app.com/',
'transfer-encoding': 'chunked'
}
}, function (error, res) {
if (error) throw error
tt.is(res.headers['access-control-allow-origin'], 'http://some.app.com/')
tt.is(res.headers['access-control-allow-headers'], 'authorization, content-length, content-type, if-match, if-none-match, origin, x-requested-with, transfer-encoding, host, connection')
tt.is(res.headers['access-control-expose-headers'], 'content-type, content-length, etag')
tt.is(res.headers['access-control-allow-methods'], 'GET, PUT, POST, DELETE')
tt.is(res.headers['access-control-allow-credentials'], 'true')
tt.is(res.statusCode, 200)
tt.end()
})
})
t.test('teardown', end)
})