huahaofeng
/
aspnetcore
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

React to CORS changes

This commit is contained in:
Pranav K 2018-10-10 10:23:59 -07:00
parent 9daf5ff7a4
commit f6fc34aff9
2 changed files with 54 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
build/dependencies.props
View File

@ -28,7 +28,7 @@
<MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>2.2.0-preview3-35359</MicrosoftAspNetCoreBenchmarkRunnerSourcesPackageVersion>
<MicrosoftAspNetCoreChunkingCookieManagerSourcesPackageVersion>2.2.0-preview3-35359</MicrosoftAspNetCoreChunkingCookieManagerSourcesPackageVersion>
<MicrosoftAspNetCoreCookiePolicyPackageVersion>2.2.0-preview3-35359</MicrosoftAspNetCoreCookiePolicyPackageVersion>
<MicrosoftAspNetCoreCorsPackageVersion>2.2.0-preview3-35359</MicrosoftAspNetCoreCorsPackageVersion>
<MicrosoftAspNetCoreCorsPackageVersion>2.2.0-a-preview3-22cors-16556</MicrosoftAspNetCoreCorsPackageVersion>
<MicrosoftAspNetCoreDiagnosticsAbstractionsPackageVersion>2.2.0-preview3-35359</MicrosoftAspNetCoreDiagnosticsAbstractionsPackageVersion>
<MicrosoftAspNetCoreDiagnosticsPackageVersion>2.2.0-preview3-35359</MicrosoftAspNetCoreDiagnosticsPackageVersion>
<MicrosoftAspNetCoreHostingAbstractionsPackageVersion>2.2.0-preview3-35359</MicrosoftAspNetCoreHostingAbstractionsPackageVersion>

64
test/Microsoft.AspNetCore.Mvc.FunctionalTests/CorsTestsBase.cs
View File

@ -102,7 +102,7 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
[InlineData("HEAD")]
[InlineData("POST")]
[InlineData("PUT")]
public async Task PolicyFailed_Disallows_PreFlightRequest(string method)
public async Task OriginMatched_ReturnsHeaders(string method)
{
// Arrange
var request = new HttpRequestMessage(
@ -120,7 +120,18 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
// Assert
// MVC applied the policy and since that did not pass, there were no access control headers.
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
Assert.Empty(response.Headers);
Assert.Collection(
response.Headers.OrderBy(h => h.Key),
h =>
{
Assert.Equal(CorsConstants.AccessControlAllowMethods, h.Key);
Assert.Equal(new[] { "GET,POST,HEAD" }, h.Value);
},
h =>
{
Assert.Equal(CorsConstants.AccessControlAllowOrigin, h.Key);
Assert.Equal(new[] { "*" }, h.Value);
});
// It should short circuit and hence no result.
var content = await response.Content.ReadAsStringAsync();
@ -146,7 +157,7 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var responseHeaders = response.Headers;
Assert.Equal(
new[] { "http://example.com" },
new[] { "*" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray());
Assert.Equal(
new[] { "true" },
@ -179,16 +190,16 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var responseHeaders = response.Headers;
Assert.Equal(
new[] { "http://example.com" },
new[] { "*" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray());
Assert.Equal(
new[] { "true" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowCredentials).ToArray());
Assert.Equal(
new[] { "header1,header2" },
new[] { "*" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowHeaders).ToArray());
Assert.Equal(
new[] { "PUT" },
new[] { "PUT,POST" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowMethods).ToArray());
var content = await response.Content.ReadAsStringAsync();
@ -270,12 +281,43 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
Assert.Empty(content);
}
[Theory]
[InlineData("http://localhost/api/store/actionusingcontrollercorssettings")]
[InlineData("http://localhost/api/store/actionwithcorssettings")]
public async Task CorsFilter_RunsBeforeOtherAuthorizationFilters(string url)
[Fact]
public async Task CorsFilter_RunsBeforeOtherAuthorizationFilters_UsesPolicySpecifiedOnController()
{
// Arrange
var url = "http://localhost/api/store/actionusingcontrollercorssettings";
var request = new HttpRequestMessage(new HttpMethod(CorsConstants.PreflightHttpMethod), url);
// Adding a custom header makes it a non-simple request.
request.Headers.Add(CorsConstants.Origin, "http://example.com");
request.Headers.Add(CorsConstants.AccessControlRequestMethod, "GET");
request.Headers.Add(CorsConstants.AccessControlRequestHeaders, "Custom");
// Act
var response = await Client.SendAsync(request);
// Assert
Assert.Equal(HttpStatusCode.OK, response.StatusCode);
var responseHeaders = response.Headers;
Assert.Equal(
new[] { "*" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowOrigin).ToArray());
Assert.Equal(
new[] { "true" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowCredentials).ToArray());
Assert.Equal(
new[] { "*" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowHeaders).ToArray());
var content = await response.Content.ReadAsStringAsync();
Assert.Empty(content);
}
[Fact]
public async Task CorsFilter_RunsBeforeOtherAuthorizationFilters_UsesPolicySpecifiedOnAction()
{
// Arrange
var url = "http://localhost/api/store/actionwithcorssettings";
var request = new HttpRequestMessage(new HttpMethod(CorsConstants.PreflightHttpMethod), url);
// Adding a custom header makes it a non-simple request.
@ -296,7 +338,7 @@ namespace Microsoft.AspNetCore.Mvc.FunctionalTests
new[] { "true" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowCredentials).ToArray());
Assert.Equal(
new[] { "Custom" },
new[] { "*" },
responseHeaders.GetValues(CorsConstants.AccessControlAllowHeaders).ToArray());
var content = await response.Content.ReadAsStringAsync();