Skip to content
This repository
Browse code

add in cross domain headers (bug 701409)

  • Loading branch information...
commit a95695a2feeae6a9bfe85df5384a6617844816ae 1 parent 37d8135
Andy McKay authored December 07, 2011
17  apps/webapps/tests/test_verify.py
@@ -15,7 +15,6 @@
15 15
 from stats.models import Contribution
16 16
 
17 17
 import json
18  
-import jwt
19 18
 import M2Crypto
20 19
 import mock
21 20
 
@@ -115,3 +114,19 @@ def test_crack_borked_receipt(self):
115 114
         receipt = self.make_install().receipt
116 115
         self.assertRaises(M2Crypto.RSA.RSAError, verify.decode_receipt,
117 116
                           receipt + 'x')
  117
+
  118
+    @mock.patch.object(verify, 'decode_receipt')
  119
+    def get_headers(self, decode_receipt):
  120
+        decode_receipt.return_value = ''
  121
+        return verify.Verify(3615, '').get_headers(1)
  122
+
  123
+    def test_cross_domain(self):
  124
+        hdrs = self.get_headers()
  125
+        assert ('Access-Control-Allow-Origin', '*') in hdrs, (
  126
+                'No cross domain headers')
  127
+        assert ('Access-Control-Allow-Methods', 'POST') in hdrs, (
  128
+                'Allow POST only')
  129
+
  130
+    def test_no_cache(self):
  131
+        hdrs = self.get_headers()
  132
+        assert ('Cache-Control', 'no-cache') in hdrs, 'No cache header needed'
4  services/verify.py
@@ -90,7 +90,9 @@ def format_date(self, secs):
90 90
         return '%s GMT' % formatdate(time() + secs)[:25]
91 91
 
92 92
     def get_headers(self, length):
93  
-        return [('Content-Type', 'application/json'),
  93
+        return [('Access-Control-Allow-Origin', '*'),
  94
+                ('Access-Control-Allow-Methods', 'POST'),
  95
+                ('Content-Type', 'application/json'),
94 96
                 ('Content-Length', str(length)),
95 97
                 ('Cache-Control', 'no-cache'),
96 98
                 ('Last-Modified', self.format_date(0))]

0 notes on commit a95695a

Please sign in to comment.
Something went wrong with that request. Please try again.