restify-cors-middleware/test/cors.actual.spec.js

//
// Based on the spec at http://www.w3.org/TR/cors/
// The test numbers correspond to steps in the specification
//
/* eslint-env mocha */

var request = require('supertest')
var should = require('should')
var test = require('./test')

describe('CORS: simple / actual requests', function () {
  it('6.1.1 Does not set headers if Origin is missing', function (done) {
    var server = test.corsServer({
      origins: ['http://api.myapp.com', 'http://www.myapp.com']
    })
    request(server)
        .get('/test')
        .expect(test.noHeader('access-control-allow-origin'))
        .expect(200)
        .end(done)
  })

  it('6.1.2 Does not set headers if Origin does not match', function (done) {
    var server = test.corsServer({
      origins: ['http://api.myapp.com', 'http://www.myapp.com']
    })
    request(server)
        .get('/test')
        .set('Origin', 'http://random-website.com')
        .expect(test.noHeader('access-control-allow-origin'))
        .expect(200)
        .end(done)
  })

  it('6.1.3 Sets Allow-Origin headers if the Origin matches', function (done) {
    var server = test.corsServer({
      origins: ['http://api.myapp.com', 'http://www.myapp.com']
    })
    request(server)
        .get('/test')
        .set('Origin', 'http://api.myapp.com')
        .expect('access-control-allow-origin', 'http://api.myapp.com')
        .expect(200)
        .end(done)
  })

  it('6.1.3 Does not set Access-Control-Allow-Credentials header if Origin is *', function (done) {
    should.throws(function () {
      test.corsServer({
        origins: ['*'],
        credentials: true
      })
    })
    done()
  })

  it('6.1.3 Sets Access-Control-Allow-Credentials header if configured', function (done) {
    var server = test.corsServer({
      origins: ['http://api.myapp.com'],
      credentials: true
    })
    request(server)
        .get('/test')
        .set('Origin', 'http://api.myapp.com')
        .expect('access-control-allow-credentials', 'true')
        .expect(200)
        .end(done)
  })

  it('6.1.4 Does not set exposed headers if empty', function (done) {
    var server = test.corsServer({
      origins: ['http://api.myapp.com', 'http://www.myapp.com']
    })
    request(server)
        .get('/test')
        .set('Origin', 'http://api.myapp.com')
        .expect('access-control-allow-origin', 'http://api.myapp.com')
        .expect('access-control-expose-headers', /api-version/)     // defaults
        .expect(200)
        .end(done)
  })

  it('6.1.4 Sets exposed headers if configured', function (done) {
    var server = test.corsServer({
      origins: ['http://api.myapp.com', 'http://www.myapp.com'],
      exposeHeaders: ['HeaderA', 'HeaderB']
    })
    request(server)
        .get('/test')
        .set('Origin', 'http://api.myapp.com')
        .expect('access-control-allow-origin', 'http://api.myapp.com')
        .expect('access-control-expose-headers', /HeaderA, HeaderB/)  // custom
        .expect('access-control-expose-headers', /api-version/)       // defaults
        .expect(200)
        .end(done)
  })
})
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00			`//`
			`// Based on the spec at http://www.w3.org/TR/cors/`
Fix typos 2014-05-08 09:07:57 -04:00			`// The test numbers correspond to steps in the specification`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00			`//`
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`/* eslint-env mocha */`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`var request = require('supertest')`
			`var should = require('should')`
			`var test = require('./test')`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`describe('CORS: simple / actual requests', function () {`
			`it('6.1.1 Does not set headers if Origin is missing', function (done) {`
			`var server = test.corsServer({`
			`origins: ['http://api.myapp.com', 'http://www.myapp.com']`
			`})`
			`request(server)`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00			`.get('/test')`
			`.expect(test.noHeader('access-control-allow-origin'))`
			`.expect(200)`
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`.end(done)`
			`})`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`it('6.1.2 Does not set headers if Origin does not match', function (done) {`
			`var server = test.corsServer({`
			`origins: ['http://api.myapp.com', 'http://www.myapp.com']`
			`})`
			`request(server)`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00			`.get('/test')`
			`.set('Origin', 'http://random-website.com')`
			`.expect(test.noHeader('access-control-allow-origin'))`
			`.expect(200)`
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`.end(done)`
			`})`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`it('6.1.3 Sets Allow-Origin headers if the Origin matches', function (done) {`
			`var server = test.corsServer({`
			`origins: ['http://api.myapp.com', 'http://www.myapp.com']`
			`})`
			`request(server)`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00			`.get('/test')`
			`.set('Origin', 'http://api.myapp.com')`
			`.expect('access-control-allow-origin', 'http://api.myapp.com')`
			`.expect(200)`
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`.end(done)`
			`})`
add support and tests for simple/actual requests needing Access-Control-Allow-Credentials 2015-05-08 17:04:52 -04:00
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`it('6.1.3 Does not set Access-Control-Allow-Credentials header if Origin is *', function (done) {`
			`should.throws(function () {`
			`test.corsServer({`
			`origins: ['*'],`
add support and tests for simple/actual requests needing Access-Control-Allow-Credentials 2015-05-08 17:04:52 -04:00			`credentials: true`
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`})`
			`})`
			`done()`
			`})`

			`it('6.1.3 Sets Access-Control-Allow-Credentials header if configured', function (done) {`
			`var server = test.corsServer({`
			`origins: ['http://api.myapp.com'],`
			`credentials: true`
			`})`
			`request(server)`
add support and tests for simple/actual requests needing Access-Control-Allow-Credentials 2015-05-08 17:04:52 -04:00			`.get('/test')`
			`.set('Origin', 'http://api.myapp.com')`
			`.expect('access-control-allow-credentials', 'true')`
			`.expect(200)`
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`.end(done)`
			`})`
add support and tests for simple/actual requests needing Access-Control-Allow-Credentials 2015-05-08 17:04:52 -04:00
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`it('6.1.4 Does not set exposed headers if empty', function (done) {`
			`var server = test.corsServer({`
			`origins: ['http://api.myapp.com', 'http://www.myapp.com']`
			`})`
			`request(server)`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00			`.get('/test')`
			`.set('Origin', 'http://api.myapp.com')`
			`.expect('access-control-allow-origin', 'http://api.myapp.com')`
			`.expect('access-control-expose-headers', /api-version/) // defaults`
			`.expect(200)`
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`.end(done)`
			`})`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`it('6.1.4 Sets exposed headers if configured', function (done) {`
			`var server = test.corsServer({`
			`origins: ['http://api.myapp.com', 'http://www.myapp.com'],`
			`exposeHeaders: ['HeaderA', 'HeaderB']`
			`})`
			`request(server)`
First commit, supports 12/15 items of the spec 2014-05-07 22:16:17 -04:00			`.get('/test')`
			`.set('Origin', 'http://api.myapp.com')`
			`.expect('access-control-allow-origin', 'http://api.myapp.com')`
			`.expect('access-control-expose-headers', /HeaderA, HeaderB/) // custom`
			`.expect('access-control-expose-headers', /api-version/) // defaults`
			`.expect(200)`
Use standard style guide 🎉 2017-05-22 12:03:45 -04:00			`.end(done)`
			`})`
			`})`