diff options
author | feistel <6742251-feistel@users.noreply.gitlab.com> | 2021-08-01 14:56:59 +0300 |
---|---|---|
committer | feistel <6742251-feistel@users.noreply.gitlab.com> | 2021-08-09 15:35:06 +0300 |
commit | a6a353bb9b4939073d6344d86b292eed7488a4b3 (patch) | |
tree | b40ba81d08dd15ab4f67c9e61d818720e2498757 /test/acceptance | |
parent | 52f82517edfa6c2c1a3220d6ab5cf1440faf2d17 (diff) |
test: add test to ensure cors header is sent with head requests
Diffstat (limited to 'test/acceptance')
-rw-r--r-- | test/acceptance/serving_test.go | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/test/acceptance/serving_test.go b/test/acceptance/serving_test.go index 55933e39..1349f7ff 100644 --- a/test/acceptance/serving_test.go +++ b/test/acceptance/serving_test.go @@ -215,7 +215,7 @@ func TestCORSWhenDisabled(t *testing.T) { RunPagesProcessWithStubGitLabServer(t, withExtraArgument("disable-cross-origin-requests", "true")) for _, spec := range supportedListeners() { - for _, method := range []string{"GET", "OPTIONS"} { + for _, method := range []string{http.MethodGet, http.MethodOptions} { rsp := doCrossOriginRequest(t, spec, method, method, spec.URL("project/")) require.Equal(t, http.StatusOK, rsp.StatusCode) @@ -229,7 +229,21 @@ func TestCORSAllowsGET(t *testing.T) { RunPagesProcessWithStubGitLabServer(t) for _, spec := range supportedListeners() { - for _, method := range []string{"GET", "OPTIONS"} { + for _, method := range []string{http.MethodGet, http.MethodOptions} { + rsp := doCrossOriginRequest(t, spec, method, method, spec.URL("project/")) + + require.Equal(t, http.StatusOK, rsp.StatusCode) + require.Equal(t, "*", rsp.Header.Get("Access-Control-Allow-Origin")) + require.Equal(t, "", rsp.Header.Get("Access-Control-Allow-Credentials")) + } + } +} + +func TestCORSAllowsHEAD(t *testing.T) { + RunPagesProcessWithStubGitLabServer(t) + + for _, spec := range supportedListeners() { + for _, method := range []string{http.MethodGet, http.MethodOptions, http.MethodHead} { rsp := doCrossOriginRequest(t, spec, method, method, spec.URL("project/")) require.Equal(t, http.StatusOK, rsp.StatusCode) @@ -243,7 +257,7 @@ func TestCORSForbidsPOST(t *testing.T) { RunPagesProcessWithStubGitLabServer(t) for _, spec := range supportedListeners() { - rsp := doCrossOriginRequest(t, spec, "OPTIONS", "POST", spec.URL("project/")) + rsp := doCrossOriginRequest(t, spec, http.MethodOptions, http.MethodPost, spec.URL("project/")) require.Equal(t, http.StatusOK, rsp.StatusCode) require.Equal(t, "", rsp.Header.Get("Access-Control-Allow-Origin")) |