#![deny(warnings)]
use warp::{http::Method, Filter};
#[tokio::test]
async fn allow_methods() {
let cors = warp::cors().allow_methods(&[Method::GET, Method::POST, Method::DELETE]);
let route = warp::any().map(warp::reply).with(cors);
let res = warp::test::request()
.method(
"OPTIONS")
.header(
"origin",
"warp")
.header(
"access-control-request-method",
"DELETE")
.reply(&route)
.
await;
assert_eq!(res.status(),
200);
let res = warp::test::request()
.method(
"OPTIONS")
.header(
"origin",
"warp")
.header(
"access-control-request-method",
"PUT")
.reply(&route)
.
await;
assert_eq!(res.status(),
403);
}
#[tokio::test]
async fn origin_not_allowed() {
let cors = warp::cors()
.allow_methods(&[Method::DELETE])
.allow_origin(
"https://hyper.rs");
let route = warp::any().map(warp::reply).with(cors);
let res = warp::test::request()
.method(
"OPTIONS")
.header(
"origin",
"https://warp.rs")
.header(
"access-control-request-method",
"DELETE")
.reply(&route)
.
await;
assert_eq!(res.status(),
403);
let res = warp::test::request()
.header(
"origin",
"https://warp.rs")
.header(
"access-control-request-method",
"DELETE")
.reply(&route)
.
await;
assert_eq!(res.status(),
403);
}
#[tokio::test]
async fn headers_not_exposed() {
let cors = warp::cors()
.allow_any_origin()
.allow_methods(&[Method::GET]);
let route = warp::any().map(warp::reply).with(cors);
let res = warp::test::request()
.method(
"OPTIONS")
.header(
"origin",
"https://warp.rs")
.header(
"access-control-request-method",
"GET")
.reply(&route)
.
await;
assert_eq!(
res.headers().contains_key(
"access-control-expose-headers"),
false
);
let res = warp::test::request()
.method(
"GET")
.header(
"origin",
"https://warp.rs")
.reply(&route)
.
await;
assert_eq!(
res.headers().contains_key(
"access-control-expose-headers"),
false
);
}
#[tokio::test]
async fn headers_not_allowed() {
let cors = warp::cors()
.allow_methods(&[Method::DELETE])
.allow_headers(vec![
"x-foo"]);
let route = warp::any().map(warp::reply).with(cors);
let res = warp::test::request()
.method(
"OPTIONS")
.header(
"origin",
"https://warp.rs")
.header(
"access-control-request-headers",
"x-bar")
.header(
"access-control-request-method",
"DELETE")
.reply(&route)
.
await;
assert_eq!(res.status(),
403);
}
#[tokio::test]
async fn success() {
let cors = warp::cors()
.allow_credentials(
true)
.allow_headers(vec![
"x-foo",
"x-bar"])
.allow_methods(&[Method::POST, Method::DELETE])
.expose_header(
"x-header1")
.expose_headers(vec![
"x-header2"])
.max_age(
30);
let route = warp::any().map(warp::reply).with(cors);
// preflight
let res = warp::test::request()
.method(
"OPTIONS")
.header(
"origin",
"https://hyper.rs")
.header(
"access-control-request-headers",
"x-bar, x-foo")
.header(
"access-control-request-method",
"DELETE")
.reply(&route)
.
await;
assert_eq!(res.status(),
200);
assert_eq!(
res.headers()[
"access-control-allow-origin"],
"https://hyper.rs"
);
assert_eq!(res.headers()[
"access-control-allow-credentials"],
"true");
let allowed_headers = &res.headers()[
"access-control-allow-headers"];
assert!(allowed_headers ==
"x-bar, x-foo" || allowed_headers ==
"x-foo, x-bar");
let exposed_headers = &res.headers()[
"access-control-expose-headers"];
assert!(exposed_headers ==
"x-header1, x-header2" || exposed_headers ==
"x-header2, x-header1");
assert_eq!(res.headers()[
"access-control-max-age"],
"30");
let methods = &res.headers()[
"access-control-allow-methods"];
assert!(
// HashSet randomly orders these...
methods ==
"DELETE, POST" || methods ==
"POST, DELETE",
"access-control-allow-methods: {:?}",
methods,
);
// cors request
let res = warp::test::request()
.method(
"DELETE")
.header(
"origin",
"https://hyper.rs")
.header(
"x-foo",
"hello")
.header(
"x-bar",
"world")
.reply(&route)
.
await;
assert_eq!(res.status(),
200);
assert_eq!(
res.headers()[
"access-control-allow-origin"],
"https://hyper.rs"
);
assert_eq!(res.headers()[
"access-control-allow-credentials"],
"true");
assert_eq!(res.headers().get(
"access-control-max-age"), None);
assert_eq!(res.headers().get(
"access-control-allow-methods"), None);
let exposed_headers = &res.headers()[
"access-control-expose-headers"];
assert!(exposed_headers ==
"x-header1, x-header2" || exposed_headers ==
"x-header2, x-header1");
}
#[tokio::test]
async fn with_log() {
let cors = warp::cors()
.allow_any_origin()
.allow_methods(&[Method::GET]);
let route = warp::any()
.map(warp::reply)
.with(cors)
.with(warp::log(
"cors test"));
let res = warp::test::request()
.method(
"OPTIONS")
.header(
"origin",
"warp")
.header(
"access-control-request-method",
"GET")
.reply(&route)
.
await;
assert_eq!(res.status(),
200);
}