prometheus/util/httputil/cors_test.go

// Copyright 2016 The Prometheus Authors
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package httputil

import (
	"net/http"
	"testing"

	"github.com/grafana/regexp"
	"github.com/stretchr/testify/require"
)

func getCORSHandlerFunc() http.Handler {
	hf := func(w http.ResponseWriter, r *http.Request) {
		reg := regexp.MustCompile(`^https://foo\.com$`)
		SetCORS(w, reg, r)
		w.WriteHeader(http.StatusOK)
	}
	return http.HandlerFunc(hf)
}

func TestCORSHandler(t *testing.T) {
	tearDown := setup()
	defer tearDown()
	client := &http.Client{}

	ch := getCORSHandlerFunc()
	mux.Handle("/any_path", ch)

	dummyOrigin := "https://foo.com"

	// OPTIONS with legit origin
	req, err := http.NewRequest("OPTIONS", server.URL+"/any_path", nil)
	require.NoError(t, err, "could not create request")

	req.Header.Set("Origin", dummyOrigin)
	resp, err := client.Do(req)
	require.NoError(t, err, "client get failed with unexpected error")

	AccessControlAllowOrigin := resp.Header.Get("Access-Control-Allow-Origin")

	require.Equal(t, dummyOrigin, AccessControlAllowOrigin, "expected Access-Control-Allow-Origin header")

	// OPTIONS with bad origin
	req, err = http.NewRequest("OPTIONS", server.URL+"/any_path", nil)
	require.NoError(t, err, "could not create request")

	req.Header.Set("Origin", "https://not-foo.com")
	resp, err = client.Do(req)
	require.NoError(t, err, "client get failed with unexpected error")

	AccessControlAllowOrigin = resp.Header.Get("Access-Control-Allow-Origin")
	require.Empty(t, AccessControlAllowOrigin, "Access-Control-Allow-Origin header should not exist but it was set")
}
Added CORS Origin flag (#5011) Signed-off-by: Hrishikesh Barman <hrishikeshbman@gmail.com> 2019-01-17 07:01:06 -08:00			`// Copyright 2016 The Prometheus Authors`
			`// Licensed under the Apache License, Version 2.0 (the "License");`
			`// you may not use this file except in compliance with the License.`
			`// You may obtain a copy of the License at`
			`//`
			`// http://www.apache.org/licenses/LICENSE-2.0`
			`//`
			`// Unless required by applicable law or agreed to in writing, software`
			`// distributed under the License is distributed on an "AS IS" BASIS,`
			`// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`// See the License for the specific language governing permissions and`
			`// limitations under the License.`

			`package httputil`

			`import (`
			`"net/http"`
			`"testing"`
tests: Move from t.Errorf and others. (Part 2) (#9309) * Refactor util tests. Signed-off-by: Paweł Szulik <paul.szulik@gmail.com> 2021-09-13 12:19:20 -07:00
Switch to grafana/regexp everywhere (#10268) Let's have a consistent library for regexp. Signed-off-by: Julien Pivotto <roidelapluie@inuits.eu> 2022-02-12 15:58:27 -08:00			`"github.com/grafana/regexp"`
tests: Move from t.Errorf and others. (Part 2) (#9309) * Refactor util tests. Signed-off-by: Paweł Szulik <paul.szulik@gmail.com> 2021-09-13 12:19:20 -07:00			`"github.com/stretchr/testify/require"`
Added CORS Origin flag (#5011) Signed-off-by: Hrishikesh Barman <hrishikeshbman@gmail.com> 2019-01-17 07:01:06 -08:00			`)`

			`func getCORSHandlerFunc() http.Handler {`
			`hf := func(w http.ResponseWriter, r *http.Request) {`
			reg := regexp.MustCompile(`^https://foo\.com$`)
			`SetCORS(w, reg, r)`
			`w.WriteHeader(http.StatusOK)`
			`}`
			`return http.HandlerFunc(hf)`
			`}`

			`func TestCORSHandler(t *testing.T) {`
			`tearDown := setup()`
			`defer tearDown()`
			`client := &http.Client{}`

			`ch := getCORSHandlerFunc()`
			`mux.Handle("/any_path", ch)`

			`dummyOrigin := "https://foo.com"`

			`// OPTIONS with legit origin`
			`req, err := http.NewRequest("OPTIONS", server.URL+"/any_path", nil)`
tests: Move from t.Errorf and others. (Part 2) (#9309) * Refactor util tests. Signed-off-by: Paweł Szulik <paul.szulik@gmail.com> 2021-09-13 12:19:20 -07:00			`require.NoError(t, err, "could not create request")`
Added CORS Origin flag (#5011) Signed-off-by: Hrishikesh Barman <hrishikeshbman@gmail.com> 2019-01-17 07:01:06 -08:00
			`req.Header.Set("Origin", dummyOrigin)`
			`resp, err := client.Do(req)`
tests: Move from t.Errorf and others. (Part 2) (#9309) * Refactor util tests. Signed-off-by: Paweł Szulik <paul.szulik@gmail.com> 2021-09-13 12:19:20 -07:00			`require.NoError(t, err, "client get failed with unexpected error")`
Added CORS Origin flag (#5011) Signed-off-by: Hrishikesh Barman <hrishikeshbman@gmail.com> 2019-01-17 07:01:06 -08:00
			`AccessControlAllowOrigin := resp.Header.Get("Access-Control-Allow-Origin")`

tests: Move from t.Errorf and others. (Part 2) (#9309) * Refactor util tests. Signed-off-by: Paweł Szulik <paul.szulik@gmail.com> 2021-09-13 12:19:20 -07:00			`require.Equal(t, dummyOrigin, AccessControlAllowOrigin, "expected Access-Control-Allow-Origin header")`
Added CORS Origin flag (#5011) Signed-off-by: Hrishikesh Barman <hrishikeshbman@gmail.com> 2019-01-17 07:01:06 -08:00
			`// OPTIONS with bad origin`
			`req, err = http.NewRequest("OPTIONS", server.URL+"/any_path", nil)`
tests: Move from t.Errorf and others. (Part 2) (#9309) * Refactor util tests. Signed-off-by: Paweł Szulik <paul.szulik@gmail.com> 2021-09-13 12:19:20 -07:00			`require.NoError(t, err, "could not create request")`
Added CORS Origin flag (#5011) Signed-off-by: Hrishikesh Barman <hrishikeshbman@gmail.com> 2019-01-17 07:01:06 -08:00
			`req.Header.Set("Origin", "https://not-foo.com")`
			`resp, err = client.Do(req)`
tests: Move from t.Errorf and others. (Part 2) (#9309) * Refactor util tests. Signed-off-by: Paweł Szulik <paul.szulik@gmail.com> 2021-09-13 12:19:20 -07:00			`require.NoError(t, err, "client get failed with unexpected error")`
Added CORS Origin flag (#5011) Signed-off-by: Hrishikesh Barman <hrishikeshbman@gmail.com> 2019-01-17 07:01:06 -08:00
			`AccessControlAllowOrigin = resp.Header.Get("Access-Control-Allow-Origin")`
tests: Move from t.Errorf and others. (Part 2) (#9309) * Refactor util tests. Signed-off-by: Paweł Szulik <paul.szulik@gmail.com> 2021-09-13 12:19:20 -07:00			`require.Empty(t, AccessControlAllowOrigin, "Access-Control-Allow-Origin header should not exist but it was set")`
Added CORS Origin flag (#5011) Signed-off-by: Hrishikesh Barman <hrishikeshbman@gmail.com> 2019-01-17 07:01:06 -08:00			`}`