From 28ed208022b806b4d79985c20d2e8c0bd0e69488 Mon Sep 17 00:00:00 2001
From: Ken Dale <ken@kendaleiv.com>
Date: Wed, 17 Jun 2020 09:22:20 -0400
Subject: [PATCH] Add
 SetIsOriginAllowedToAllowWildcardSubdomains_DoesNotAllowRootDomain test
 (#23001)

This test makes it clear root domains are not included in CORS subdomain wildcards
---
 .../CORS/test/UnitTests/CorsPolicyBuilderTests.cs  | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/Middleware/CORS/test/UnitTests/CorsPolicyBuilderTests.cs b/src/Middleware/CORS/test/UnitTests/CorsPolicyBuilderTests.cs
index 82c7c0b4ee..3dd2bcb22a 100644
--- a/src/Middleware/CORS/test/UnitTests/CorsPolicyBuilderTests.cs
+++ b/src/Middleware/CORS/test/UnitTests/CorsPolicyBuilderTests.cs
@@ -205,6 +205,20 @@ namespace Microsoft.AspNetCore.Cors.Infrastructure
             Assert.True(corsPolicy.IsOriginAllowed("http://test.example.com"));
         }
 
+        [Fact]
+        public void SetIsOriginAllowedToAllowWildcardSubdomains_DoesNotAllowRootDomain()
+        {
+            // Arrange
+            var builder = new CorsPolicyBuilder("http://*.example.com");
+
+            // Act
+            builder.SetIsOriginAllowedToAllowWildcardSubdomains();
+
+            // Assert
+            var corsPolicy = builder.Build();
+            Assert.False(corsPolicy.IsOriginAllowed("http://example.com"));
+        }
+
         [Fact]
         public void WithMethods_AddsMethods()
         {