cors.rs - mozsearch

Enable keyboard shortcuts

#![deny(warnings)]

use warp::{http::Method, Filter};

#[tokio::test]

async fn allow_methods() {

    let cors = warp::cors().allow_methods(&[Method::GET, Method::POST, Method::DELETE]);

    let route = warp::any().map(warp::reply).with(cors);

    let res = warp::test::request()

        .method("OPTIONS")

        .header("origin", "warp")

        .header("access-control-request-method", "DELETE")

        .reply(&route)

        .await;

    assert_eq!(res.status(), 200);

    let res = warp::test::request()

        .method("OPTIONS")

        .header("origin", "warp")

        .header("access-control-request-method", "PUT")

        .reply(&route)

        .await;

    assert_eq!(res.status(), 403);

#[tokio::test]

async fn origin_not_allowed() {

    let cors = warp::cors()

        .allow_methods(&[Method::DELETE])

        .allow_origin("https://hyper.rs");

    let route = warp::any().map(warp::reply).with(cors);

    let res = warp::test::request()

        .method("OPTIONS")

        .header("origin", "https://warp.rs")

        .header("access-control-request-method", "DELETE")

        .reply(&route)

        .await;

    assert_eq!(res.status(), 403);

    let res = warp::test::request()

        .header("origin", "https://warp.rs")

        .header("access-control-request-method", "DELETE")

        .reply(&route)

        .await;

    assert_eq!(res.status(), 403);

#[tokio::test]

async fn headers_not_exposed() {

    let cors = warp::cors()

        .allow_any_origin()

        .allow_methods(&[Method::GET]);

    let route = warp::any().map(warp::reply).with(cors);

    let res = warp::test::request()

        .method("OPTIONS")

        .header("origin", "https://warp.rs")

        .header("access-control-request-method", "GET")

        .reply(&route)

        .await;

    assert_eq!(

        res.headers().contains_key("access-control-expose-headers"),

        false

);

    let res = warp::test::request()

        .method("GET")

        .header("origin", "https://warp.rs")

        .reply(&route)

        .await;

    assert_eq!(

        res.headers().contains_key("access-control-expose-headers"),

        false

);

#[tokio::test]

async fn headers_not_allowed() {

    let cors = warp::cors()

        .allow_methods(&[Method::DELETE])

        .allow_headers(vec!["x-foo"]);

    let route = warp::any().map(warp::reply).with(cors);

    let res = warp::test::request()

        .method("OPTIONS")

        .header("origin", "https://warp.rs")

        .header("access-control-request-headers", "x-bar")

        .header("access-control-request-method", "DELETE")

        .reply(&route)

        .await;

    assert_eq!(res.status(), 403);

#[tokio::test]

async fn success() {

    let cors = warp::cors()

        .allow_credentials(true)

        .allow_headers(vec!["x-foo", "x-bar"])

        .allow_methods(&[Method::POST, Method::DELETE])

        .expose_header("x-header1")

        .expose_headers(vec!["x-header2"])

        .max_age(30);

    let route = warp::any().map(warp::reply).with(cors);

    // preflight

    let res = warp::test::request()

        .method("OPTIONS")

        .header("origin", "https://hyper.rs")

        .header("access-control-request-headers", "x-bar, x-foo")

        .header("access-control-request-method", "DELETE")

        .reply(&route)

        .await;

    assert_eq!(res.status(), 200);

    assert_eq!(

        res.headers()["access-control-allow-origin"],

        "https://hyper.rs"

);

    assert_eq!(res.headers()["access-control-allow-credentials"], "true");

    let allowed_headers = &res.headers()["access-control-allow-headers"];

    assert!(allowed_headers == "x-bar, x-foo" || allowed_headers == "x-foo, x-bar");

    let exposed_headers = &res.headers()["access-control-expose-headers"];

    assert!(exposed_headers == "x-header1, x-header2" || exposed_headers == "x-header2, x-header1");

    assert_eq!(res.headers()["access-control-max-age"], "30");

    let methods = &res.headers()["access-control-allow-methods"];

    assert!(

        // HashSet randomly orders these...

        methods == "DELETE, POST" || methods == "POST, DELETE",

        "access-control-allow-methods: {:?}",

        methods,

);

    // cors request

    let res = warp::test::request()

        .method("DELETE")

        .header("origin", "https://hyper.rs")

        .header("x-foo", "hello")

        .header("x-bar", "world")

        .reply(&route)

        .await;

    assert_eq!(res.status(), 200);

    assert_eq!(

        res.headers()["access-control-allow-origin"],

        "https://hyper.rs"

);

    assert_eq!(res.headers()["access-control-allow-credentials"], "true");

    assert_eq!(res.headers().get("access-control-max-age"), None);

    assert_eq!(res.headers().get("access-control-allow-methods"), None);

    let exposed_headers = &res.headers()["access-control-expose-headers"];

    assert!(exposed_headers == "x-header1, x-header2" || exposed_headers == "x-header2, x-header1");

#[tokio::test]

async fn with_log() {

    let cors = warp::cors()

        .allow_any_origin()

        .allow_methods(&[Method::GET]);

    let route = warp::any()

        .map(warp::reply)

        .with(cors)

        .with(warp::log("cors test"));

    let res = warp::test::request()

        .method("OPTIONS")

        .header("origin", "warp")

        .header("access-control-request-method", "GET")

        .reply(&route)

        .await;

    assert_eq!(res.status(), 200);