dalu/cors
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #13 from gin-contrib/test

Browse Source 
fix testing from #11
This commit is contained in:
Bo-Yi Wu 2016-12-29 16:16:41 +08:00 committed by GitHub
commit da1a40b05a
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
config.go
View File

@ -8,6 +8,7 @@ import (
type cors struct { type cors struct {
allowAllOrigins bool allowAllOrigins bool
allowCredentials bool
allowOriginFunc func(string) bool allowOriginFunc func(string) bool
allowOrigins []string allowOrigins []string
exposeHeaders []string exposeHeaders []string
@ -22,6 +23,7 @@ func newCors(config Config) *cors {
return &cors{ return &cors{
allowOriginFunc: config.AllowOriginFunc, allowOriginFunc: config.AllowOriginFunc,
allowAllOrigins: config.AllowAllOrigins, allowAllOrigins: config.AllowAllOrigins,
allowCredentials: config.AllowCredentials,
allowOrigins: normalize(config.AllowOrigins), allowOrigins: normalize(config.AllowOrigins),
normalHeaders: generateNormalHeaders(config), normalHeaders: generateNormalHeaders(config),
preflightHeaders: generatePreflightHeaders(config), preflightHeaders: generatePreflightHeaders(config),
@ -46,7 +48,7 @@ func (cors *cors) applyCors(c *gin.Context) {
cors.handleNormal(c) cors.handleNormal(c)
} }
if !cors.allowAllOrigins { if !cors.allowAllOrigins && !cors.allowCredentials {
c.Header("Access-Control-Allow-Origin", origin) c.Header("Access-Control-Allow-Origin", origin)
} }
} }

6
cors_test.go
View File

@ -217,7 +217,7 @@ func TestPassesAllowedOrigins(t *testing.T) {
AllowMethods: []string{" GeT ", "get", "post", "PUT ", "Head", "POST"}, AllowMethods: []string{" GeT ", "get", "post", "PUT ", "Head", "POST"},
AllowHeaders: []string{"Content-type", "timeStamp "}, AllowHeaders: []string{"Content-type", "timeStamp "},
ExposeHeaders: []string{"Data", "x-User"}, ExposeHeaders: []string{"Data", "x-User"},
AllowCredentials: true, AllowCredentials: false,
MaxAge: 12 * time.Hour, MaxAge: 12 * time.Hour,
AllowOriginFunc: func(origin string) bool { AllowOriginFunc: func(origin string) bool {
return origin == "http://github.com" return origin == "http://github.com"
@ -235,7 +235,7 @@ func TestPassesAllowedOrigins(t *testing.T) {
w = performRequest(router, "GET", "http://google.com") w = performRequest(router, "GET", "http://google.com")
assert.Equal(t, w.Body.String(), "get") assert.Equal(t, w.Body.String(), "get")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://google.com") assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://google.com")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true") assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "")
assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "Data,X-User") assert.Equal(t, w.Header().Get("Access-Control-Expose-Headers"), "Data,X-User")
// deny CORS request // deny CORS request
@ -249,7 +249,7 @@ func TestPassesAllowedOrigins(t *testing.T) {
w = performRequest(router, "OPTIONS", "http://github.com") w = performRequest(router, "OPTIONS", "http://github.com")
assert.Equal(t, w.Code, 200) assert.Equal(t, w.Code, 200)
assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://github.com") assert.Equal(t, w.Header().Get("Access-Control-Allow-Origin"), "http://github.com")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "true") assert.Equal(t, w.Header().Get("Access-Control-Allow-Credentials"), "")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "GET,POST,PUT,HEAD") assert.Equal(t, w.Header().Get("Access-Control-Allow-Methods"), "GET,POST,PUT,HEAD")
assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "Content-Type,Timestamp") assert.Equal(t, w.Header().Get("Access-Control-Allow-Headers"), "Content-Type,Timestamp")
assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "43200") assert.Equal(t, w.Header().Get("Access-Control-Max-Age"), "43200")