mirror of https://github.com/prometheus/prometheus
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
65 lines
2.1 KiB
65 lines
2.1 KiB
// Copyright 2016 The Prometheus Authors |
|
// Licensed under the Apache License, Version 2.0 (the "License"); |
|
// you may not use this file except in compliance with the License. |
|
// You may obtain a copy of the License at |
|
// |
|
// http://www.apache.org/licenses/LICENSE-2.0 |
|
// |
|
// Unless required by applicable law or agreed to in writing, software |
|
// distributed under the License is distributed on an "AS IS" BASIS, |
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
// See the License for the specific language governing permissions and |
|
// limitations under the License. |
|
|
|
package httputil |
|
|
|
import ( |
|
"net/http" |
|
"testing" |
|
|
|
"github.com/grafana/regexp" |
|
"github.com/stretchr/testify/require" |
|
) |
|
|
|
func getCORSHandlerFunc() http.Handler { |
|
hf := func(w http.ResponseWriter, r *http.Request) { |
|
reg := regexp.MustCompile(`^https://foo\.com$`) |
|
SetCORS(w, reg, r) |
|
w.WriteHeader(http.StatusOK) |
|
} |
|
return http.HandlerFunc(hf) |
|
} |
|
|
|
func TestCORSHandler(t *testing.T) { |
|
tearDown := setup() |
|
defer tearDown() |
|
client := &http.Client{} |
|
|
|
ch := getCORSHandlerFunc() |
|
mux.Handle("/any_path", ch) |
|
|
|
dummyOrigin := "https://foo.com" |
|
|
|
// OPTIONS with legit origin |
|
req, err := http.NewRequest("OPTIONS", server.URL+"/any_path", nil) |
|
require.NoError(t, err, "could not create request") |
|
|
|
req.Header.Set("Origin", dummyOrigin) |
|
resp, err := client.Do(req) |
|
require.NoError(t, err, "client get failed with unexpected error") |
|
|
|
AccessControlAllowOrigin := resp.Header.Get("Access-Control-Allow-Origin") |
|
|
|
require.Equal(t, dummyOrigin, AccessControlAllowOrigin, "expected Access-Control-Allow-Origin header") |
|
|
|
// OPTIONS with bad origin |
|
req, err = http.NewRequest("OPTIONS", server.URL+"/any_path", nil) |
|
require.NoError(t, err, "could not create request") |
|
|
|
req.Header.Set("Origin", "https://not-foo.com") |
|
resp, err = client.Do(req) |
|
require.NoError(t, err, "client get failed with unexpected error") |
|
|
|
AccessControlAllowOrigin = resp.Header.Get("Access-Control-Allow-Origin") |
|
require.Empty(t, AccessControlAllowOrigin, "Access-Control-Allow-Origin header should not exist but it was set") |
|
}
|
|
|