2018-02-13 18:10:49 +00:00
|
|
|
using FluentAssertions;
|
2014-11-06 00:20:00 +00:00
|
|
|
using NUnit.Framework;
|
2018-11-23 07:03:32 +00:00
|
|
|
using Radarr.Http.Extensions;
|
2014-11-06 00:20:00 +00:00
|
|
|
using RestSharp;
|
|
|
|
|
|
|
|
|
|
namespace NzbDrone.Integration.Test
|
|
|
|
|
{
|
|
|
|
|
[TestFixture]
|
|
|
|
|
public class CorsFixture : IntegrationTest
|
|
|
|
|
{
|
2018-02-13 18:10:49 +00:00
|
|
|
private RestRequest BuildGet(string route = "movie")
|
2014-11-06 00:20:00 +00:00
|
|
|
{
|
2017-12-07 18:44:27 +00:00
|
|
|
var request = new RestRequest(route, Method.GET);
|
2021-10-21 20:04:19 +00:00
|
|
|
request.AddHeader("Origin", "http://a.different.domain");
|
2014-11-06 00:20:00 +00:00
|
|
|
request.AddHeader(AccessControlHeaders.RequestMethod, "POST");
|
|
|
|
|
|
|
|
|
|
return request;
|
|
|
|
|
}
|
|
|
|
|
|
2018-02-13 18:10:49 +00:00
|
|
|
private RestRequest BuildOptions(string route = "movie")
|
2017-12-07 18:44:27 +00:00
|
|
|
{
|
|
|
|
|
var request = new RestRequest(route, Method.OPTIONS);
|
2021-10-21 20:04:19 +00:00
|
|
|
request.AddHeader("Origin", "http://a.different.domain");
|
|
|
|
|
request.AddHeader(AccessControlHeaders.RequestMethod, "POST");
|
2017-12-07 18:44:27 +00:00
|
|
|
|
|
|
|
|
return request;
|
|
|
|
|
}
|
|
|
|
|
|
2014-11-06 00:20:00 +00:00
|
|
|
[Test]
|
|
|
|
|
public void should_not_have_allow_headers_in_response_when_not_included_in_the_request()
|
|
|
|
|
{
|
2017-12-07 18:44:27 +00:00
|
|
|
var request = BuildOptions();
|
|
|
|
|
var response = RestClient.Execute(request);
|
|
|
|
|
|
2014-11-06 00:20:00 +00:00
|
|
|
response.Headers.Should().NotContain(h => h.Name == AccessControlHeaders.AllowHeaders);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Test]
|
|
|
|
|
public void should_have_allow_headers_in_response_when_included_in_the_request()
|
|
|
|
|
{
|
2017-12-07 18:44:27 +00:00
|
|
|
var request = BuildOptions();
|
2014-11-06 00:20:00 +00:00
|
|
|
request.AddHeader(AccessControlHeaders.RequestHeaders, "X-Test");
|
|
|
|
|
|
2017-12-07 18:44:27 +00:00
|
|
|
var response = RestClient.Execute(request);
|
2014-11-06 00:20:00 +00:00
|
|
|
|
|
|
|
|
response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowHeaders);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Test]
|
|
|
|
|
public void should_have_allow_origin_in_response()
|
|
|
|
|
{
|
2017-12-07 18:44:27 +00:00
|
|
|
var request = BuildOptions();
|
|
|
|
|
var response = RestClient.Execute(request);
|
2014-11-06 00:20:00 +00:00
|
|
|
|
|
|
|
|
response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowOrigin);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Test]
|
|
|
|
|
public void should_have_allow_methods_in_response()
|
|
|
|
|
{
|
2017-12-07 18:44:27 +00:00
|
|
|
var request = BuildOptions();
|
|
|
|
|
var response = RestClient.Execute(request);
|
2014-11-06 00:20:00 +00:00
|
|
|
|
|
|
|
|
response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowMethods);
|
|
|
|
|
}
|
2017-12-07 18:44:27 +00:00
|
|
|
|
|
|
|
|
[Test]
|
|
|
|
|
public void should_not_have_allow_methods_in_non_options_request()
|
|
|
|
|
{
|
|
|
|
|
var request = BuildGet();
|
|
|
|
|
var response = RestClient.Execute(request);
|
|
|
|
|
|
|
|
|
|
response.Headers.Should().NotContain(h => h.Name == AccessControlHeaders.AllowMethods);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Test]
|
|
|
|
|
public void should_have_allow_origin_in_non_options_request()
|
|
|
|
|
{
|
|
|
|
|
var request = BuildGet();
|
|
|
|
|
var response = RestClient.Execute(request);
|
|
|
|
|
|
|
|
|
|
response.Headers.Should().Contain(h => h.Name == AccessControlHeaders.AllowOrigin);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
[Test]
|
|
|
|
|
public void should_not_have_allow_origin_in_non_api_request()
|
|
|
|
|
{
|
|
|
|
|
var request = BuildGet("../abc");
|
|
|
|
|
var response = RestClient.Execute(request);
|
|
|
|
|
|
|
|
|
|
response.Headers.Should().NotContain(h => h.Name == AccessControlHeaders.AllowOrigin);
|
|
|
|
|
}
|
2014-11-06 00:20:00 +00:00
|
|
|
}
|
|
|
|
|
}
|
