Permalink
Browse files

add in CORS test

  • Loading branch information...
1 parent 9752f2b commit 8ce91f2ed18a9d1dfd025aad46fd382070591d12 @andymckay andymckay committed Apr 10, 2013
Showing with 22 additions and 6 deletions.
  1. +15 −0 apps/amo/tests/__init__.py
  2. +4 −0 mkt/api/middleware.py
  3. +3 −6 mkt/webpay/tests.py
View
@@ -409,6 +409,21 @@ def assertImmediate(self, response):
ok_(isinstance(exc.response, response),
'Expected %s, got %s' % (response, exc.response.__class__))
+ def assertCORS(self, res, *verbs):
+ """
+ Determines if a response has suitable CORS headers. Appends 'OPTIONS'
+ on to the list of verbs.
+ """
+ eq_(res['Access-Control-Allow-Origin'], '*')
+ eq_(res['Access-Control-Expose-Headers'],
+ 'X-API-Version, X-API-Status')
+
+ verbs = map(str.upper, verbs) + ['OPTIONS',]
+ actual = res['Access-Control-Allow-Methods'].split(', ')
+ self.assertSetEqual(verbs, actual)
+ if set(['PATCH', 'POST', 'PUT']).intersection(set(actual)):
+ eq_(res['Access-Control-Allow-Headers'], 'Content-Type')
+
def make_premium(self, addon, price='1.00', currencies=None):
price_obj = Price.objects.create(price=price)
if currencies:
View
@@ -70,6 +70,10 @@ def process_response(self, request, response):
# to be set.
response['Access-Control-Allow-Headers'] = 'Content-Type'
response['Access-Control-Allow-Methods'] = ', '.join(options)
+
+ # The headers that the response will be able to access.
+ response['Access-Control-Expose-Headers'] = ('X-API-Version, '
+ 'X-API-Status')
return response
v_re = re.compile('^/api/v(?P<version>\d+)/|^/api/')
View
@@ -4,7 +4,7 @@
from django.core import mail
from mock import patch
-from nose.tools import eq_
+from nose.tools import eq_, ok_
from market.models import Price, PriceCurrency
from mkt.api.tests.test_oauth import BaseOAuth
@@ -64,17 +64,14 @@ def test_prices_filtered(self):
self.assertSetEqual(self.get_currencies(data), ['USD'])
def test_has_cors(self):
- res = self.client.get(self.get_url)
- eq_(res['Access-Control-Allow-Origin'], '*')
- eq_(res['Access-Control-Allow-Methods'], 'GET, OPTIONS')
+ self.assertCORS(self.client.get(self.get_url), 'get')
@patch('mkt.webpay.resources.PriceResource.dehydrate_prices')
def test_other_cors(self, prices):
prices.side_effect = ValueError
res = self.client.get(self.get_url)
eq_(res.status_code, 500)
- eq_(res['Access-Control-Allow-Origin'], '*')
- eq_(res['Access-Control-Allow-Methods'], 'GET, OPTIONS')
+ self.assertCORS(res, 'get')
def test_locale(self):
self.make_currency(5, self.price, 'BRL')

0 comments on commit 8ce91f2

Please sign in to comment.