1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
<?php
/**
* ownCloud - App Framework
*
* This file is licensed under the Affero General Public License version 3 or
* later. See the COPYING file.
*
* @author Bernhard Posselt <dev@bernhard-posselt.com>
* @copyright Bernhard Posselt 2014
*/
namespace OC\AppFramework\Middleware\Security;
use OC\AppFramework\Http\Request;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OCP\AppFramework\Http\Response;
class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
private $reflector;
protected function setUp() {
$this->reflector = new ControllerMethodReflector();
}
/**
* @CORS
*/
public function testSetCORSAPIHeader() {
$request = new Request(
array('server' => array('HTTP_ORIGIN' => 'test'))
);
$this->reflector->reflect($this, __FUNCTION__);
$middleware = new CORSMiddleware($request, $this->reflector);
$response = $middleware->afterController($this, __FUNCTION__, new Response());
$headers = $response->getHeaders();
$this->assertEquals('test', $headers['Access-Control-Allow-Origin']);
}
public function testNoAnnotationNoCORSHEADER() {
$request = new Request(
array('server' => array('HTTP_ORIGIN' => 'test'))
);
$middleware = new CORSMiddleware($request, $this->reflector);
$response = $middleware->afterController($this, __FUNCTION__, new Response());
$headers = $response->getHeaders();
$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));
}
/**
* @CORS
*/
public function testNoOriginHeaderNoCORSHEADER() {
$request = new Request();
$this->reflector->reflect($this, __FUNCTION__);
$middleware = new CORSMiddleware($request, $this->reflector);
$response = $middleware->afterController($this, __FUNCTION__, new Response());
$headers = $response->getHeaders();
$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));
}
/**
* @CORS
* @expectedException \OC\AppFramework\Middleware\Security\SecurityException
*/
public function testCorsIgnoredIfWithCredentialsHeaderPresent() {
$request = new Request(
array('server' => array('HTTP_ORIGIN' => 'test'))
);
$this->reflector->reflect($this, __FUNCTION__);
$middleware = new CORSMiddleware($request, $this->reflector);
$response = new Response();
$response->addHeader('AcCess-control-Allow-Credentials ', 'TRUE');
$response = $middleware->afterController($this, __FUNCTION__, $response);
}
}
|
