blob: 2cb25bc93cb88d0fab6db4f5197eef38c3f965d1 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
|
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.jdisc.http.filter.security.cors;
import com.yahoo.container.jdisc.RequestHandlerTestDriver.MockResponseHandler;
import com.yahoo.jdisc.Response;
import com.yahoo.jdisc.http.filter.DiscFilterRequest;
import org.junit.Test;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import static com.yahoo.jdisc.http.filter.security.cors.CorsLogic.ALLOW_ORIGIN_HEADER;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.notNullValue;
import static org.junit.Assert.assertThat;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
/**
* @author bjorncs
*/
public class CorsRequestFilterBaseTest {
@Test
public void adds_cors_headers_when_filter_reject_request() {
String origin = "http://allowed.origin";
Set<String> allowedOrigins = Collections.singleton(origin);
int statusCode = 403;
SimpleCorsRequestFilter filter =
new SimpleCorsRequestFilter(allowedOrigins, statusCode, "Forbidden");
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getHeader("Origin")).thenReturn(origin);
MockResponseHandler responseHandler = new MockResponseHandler();
filter.filter(request, responseHandler);
Response response = responseHandler.getResponse();
assertThat(response, notNullValue());
assertThat(response.getStatus(), equalTo(statusCode));
List<String> allowOriginHeader = response.headers().get(ALLOW_ORIGIN_HEADER);
assertThat(allowOriginHeader.size(), equalTo(1));
assertThat(allowOriginHeader.get(0), equalTo(origin));
}
private static class SimpleCorsRequestFilter extends CorsRequestFilterBase {
private final ErrorResponse errorResponse;
SimpleCorsRequestFilter(Set<String> allowedUrls, int statusCode, String message) {
super(allowedUrls);
this.errorResponse = new ErrorResponse(statusCode, message);
}
@Override
protected Optional<ErrorResponse> filterRequest(DiscFilterRequest request) {
return Optional.ofNullable(this.errorResponse);
}
}
}
|
