mirror of
https://github.com/scratchfoundation/restify-cors-middleware.git
synced 2024-12-20 21:02:33 -05:00
add test for checking for duplicate allow headers
This commit is contained in:
parent
397d6f7279
commit
0217b82729
1 changed files with 20 additions and 0 deletions
|
@ -125,4 +125,24 @@ describe('CORS: preflight requests', function () {
|
||||||
.expect(204)
|
.expect(204)
|
||||||
.end(done)
|
.end(done)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('[Not in spec] The Allow-Headers should not contain duplicates', function (done) {
|
||||||
|
var server = test.corsServer({
|
||||||
|
origins: ['http://api.myapp.com', 'http://www.myapp.com']
|
||||||
|
})
|
||||||
|
request(server)
|
||||||
|
.options('/test')
|
||||||
|
.set('Origin', 'http://api.myapp.com')
|
||||||
|
.set('Access-Control-Request-Method', 'GET')
|
||||||
|
.expect(204)
|
||||||
|
.then(function (request) {
|
||||||
|
var allowHeaders = request.headers['access-control-allow-headers'].split(', ')
|
||||||
|
|
||||||
|
if (((new Set(allowHeaders)).size !== allowHeaders.length)) {
|
||||||
|
return done(new Error('duplicate header detected'))
|
||||||
|
}
|
||||||
|
|
||||||
|
done(null)
|
||||||
|
})
|
||||||
|
})
|
||||||
})
|
})
|
||||||
|
|
Loading…
Reference in a new issue