2021-12-22 10:01:45 +00:00
|
|
|
package test
|
2021-12-21 13:16:54 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"net/http"
|
|
|
|
|
"testing"
|
|
|
|
|
|
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
func TestCors(t *testing.T) {
|
|
|
|
|
allowedOrigin := "http://localhost:8080" // The allowed origin that you want to check
|
|
|
|
|
notAllowedOrigin := "http://myapp.com"
|
|
|
|
|
|
2021-12-23 05:01:52 +00:00
|
|
|
s := testSetup()
|
|
|
|
|
defer s.Server.Close()
|
2021-12-21 13:16:54 +00:00
|
|
|
client := &http.Client{}
|
|
|
|
|
|
2021-12-24 00:57:39 +00:00
|
|
|
req, _ := createContext(s)
|
|
|
|
|
req.Header.Add("Origin", allowedOrigin)
|
|
|
|
|
res, _ := client.Do(req)
|
2021-12-21 13:16:54 +00:00
|
|
|
|
|
|
|
|
// You should get your origin (or a * depending on your config) if the
|
|
|
|
|
// passed origin is allowed.
|
2021-12-23 05:01:52 +00:00
|
|
|
o := res.Header.Get("Access-Control-Allow-Origin")
|
2021-12-21 13:16:54 +00:00
|
|
|
assert.NotEqual(t, o, notAllowedOrigin, "Origins should not match")
|
2021-12-23 05:01:52 +00:00
|
|
|
assert.Equal(t, o, allowedOrigin, "Origins do match")
|
2021-12-21 13:16:54 +00:00
|
|
|
}
|
