mirror of https://github.com/actix/actix-extras.git synced 2025-06-26 10:27:42 +02:00

fix!(cors): default block_on_origin_mismatch to false (#379)

Rob Ede
2024-01-06 20:40:44 +00:00
committed by GitHub
parent e2bf504055
commit d55fc6d7f5
4 changed files with 35 additions and 27 deletions


@ -382,12 +382,13 @@ async fn test_blocks_mismatched_origin_by_default() {
.to_srv_request();
let res = test::call_service(&cors, req).await;
assert_eq!(res.status(), StatusCode::BAD_REQUEST);
assert_eq!(res.headers().get(header::ACCESS_CONTROL_ALLOW_ORIGIN), None);
assert!(res
assert_eq!(res.status(), StatusCode::OK);
assert!(!res
.headers()
.get(header::ACCESS_CONTROL_ALLOW_METHODS)
.is_none());
.contains_key(header::ACCESS_CONTROL_ALLOW_ORIGIN));
assert!(!res
.headers()
.contains_key(header::ACCESS_CONTROL_ALLOW_METHODS));
}
#[actix_web::test]
@ -529,16 +530,23 @@ async fn vary_header_on_all_handled_responses() {
.await
.unwrap();
// regular request bad origin
// regular request OK with no CORS response headers
let req = TestRequest::default()
.method(Method::PUT)
.insert_header((header::ORIGIN, "https://www.example.com"))
.to_srv_request();
let resp = test::call_service(&cors, req).await;
assert_eq!(resp.status(), StatusCode::BAD_REQUEST);
let res = test::call_service(&cors, req).await;
assert_eq!(res.status(), StatusCode::OK);
assert!(!res
.headers()
.contains_key(header::ACCESS_CONTROL_ALLOW_ORIGIN));
assert!(!res
.headers()
.contains_key(header::ACCESS_CONTROL_ALLOW_METHODS));
#[cfg(not(feature = "draft-private-network-access"))]
assert_eq!(
resp.headers()
res.headers()
.get(header::VARY)
.expect("response should have Vary header")
.to_str()
@ -547,7 +555,7 @@ async fn vary_header_on_all_handled_responses() {
);
#[cfg(feature = "draft-private-network-access")]
assert_eq!(
resp.headers()
res.headers()
.get(header::VARY)
.expect("response should have Vary header")
.to_str()
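Review bot: The first hunk's test is still named `test_blocks_mismatched_origin_by_default` (visible in its hunk header), but the new assertions expect `StatusCode::OK` with no `Access-Control-Allow-Origin` header, so the name now says the opposite of what is checked. A rename such as `test_allows_mismatched_origin_by_default` would fix that, though the function signature is outside the hunk. It would also help to add a comment above the new assertions, for example `// default: request reaches the handler; only the browser withholds the response, so CORS is not server-side access control`. This matters because the second hunk's `PUT` request from a mismatched origin now returns 200. None of the visible hunks exercise the rejecting path; if no other test covers it, a case that enables `block_on_origin_mismatch(true)` and asserts `StatusCode::BAD_REQUEST` would keep the opt-in behaviour under test.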