2019-06-11 16:23:20 +00:00
|
|
|
package handler_test
|
2015-02-09 18:37:06 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
2017-04-12 09:52:02 +00:00
|
|
|
"net/http/httptest"
|
2015-02-09 18:37:06 +00:00
|
|
|
"testing"
|
2015-12-25 21:33:27 +00:00
|
|
|
|
2019-06-11 16:23:20 +00:00
|
|
|
. "github.com/tus/tusd/pkg/handler"
|
2015-02-09 18:37:06 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
func TestCORS(t *testing.T) {
|
2023-06-13 13:58:42 +00:00
|
|
|
SubTest(t, "PreFlight - Conditional allow methods", func(t *testing.T, store *MockFullDataStore, composer *StoreComposer) {
|
2016-10-13 16:08:34 +00:00
|
|
|
handler, _ := NewHandler(Config{
|
2023-06-13 13:58:42 +00:00
|
|
|
StoreComposer: composer,
|
|
|
|
CorsOrigin: "https://tus.io",
|
|
|
|
DisableTermination: true,
|
|
|
|
DisableDownload: true,
|
2016-10-13 16:08:34 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
(&httpTest{
|
|
|
|
Method: "OPTIONS",
|
|
|
|
ReqHeader: map[string]string{
|
2023-06-13 13:58:42 +00:00
|
|
|
"Origin": "https://tus.io",
|
2016-10-13 16:08:34 +00:00
|
|
|
},
|
|
|
|
Code: http.StatusOK,
|
|
|
|
ResHeader: map[string]string{
|
2020-04-06 10:24:05 +00:00
|
|
|
"Access-Control-Allow-Headers": "Authorization, Origin, X-Requested-With, X-Request-ID, X-HTTP-Method-Override, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata, Upload-Defer-Length, Upload-Concat",
|
2023-06-13 13:58:42 +00:00
|
|
|
"Access-Control-Allow-Methods": "POST, HEAD, PATCH, OPTIONS",
|
2022-03-28 21:43:35 +00:00
|
|
|
"Access-Control-Max-Age": "86400",
|
2023-06-13 13:58:42 +00:00
|
|
|
"Access-Control-Allow-Origin": "https://tus.io",
|
2022-03-28 21:43:35 +00:00
|
|
|
},
|
|
|
|
}).Run(handler, t)
|
|
|
|
})
|
2023-06-13 13:58:42 +00:00
|
|
|
SubTest(t, "PreFlight - No Origin configured", func(t *testing.T, store *MockFullDataStore, composer *StoreComposer) {
|
|
|
|
composer = NewStoreComposer()
|
|
|
|
composer.UseCore(store)
|
2022-03-28 21:43:35 +00:00
|
|
|
|
|
|
|
handler, _ := NewHandler(Config{
|
2023-06-13 13:58:42 +00:00
|
|
|
StoreComposer: composer,
|
|
|
|
CorsOrigin: "",
|
2022-03-28 21:43:35 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
(&httpTest{
|
|
|
|
Method: "OPTIONS",
|
2023-06-13 13:58:42 +00:00
|
|
|
DisallowedResHeader: []string{
|
|
|
|
"Access-Control-Allow-Origin",
|
|
|
|
"Access-Control-Allow-Methods",
|
|
|
|
"Access-Control-Allow-Headers",
|
|
|
|
"Access-Control-Max-Age",
|
|
|
|
},
|
|
|
|
Code: http.StatusOK,
|
2022-03-28 21:43:35 +00:00
|
|
|
ReqHeader: map[string]string{
|
2023-06-13 13:58:42 +00:00
|
|
|
"Origin": "https://tus.io",
|
|
|
|
},
|
|
|
|
}).Run(handler, t)
|
|
|
|
})
|
|
|
|
SubTest(t, "PreFlight - Disabled CORS", func(t *testing.T, store *MockFullDataStore, composer *StoreComposer) {
|
|
|
|
composer = NewStoreComposer()
|
|
|
|
composer.UseCore(store)
|
|
|
|
|
|
|
|
handler, _ := NewHandler(Config{
|
|
|
|
StoreComposer: composer,
|
|
|
|
CorsOrigin: "",
|
|
|
|
DisableCors: true,
|
|
|
|
})
|
|
|
|
|
|
|
|
(&httpTest{
|
|
|
|
Method: "OPTIONS",
|
|
|
|
DisallowedResHeader: []string{
|
|
|
|
"Access-Control-Allow-Origin",
|
|
|
|
"Access-Control-Allow-Methods",
|
|
|
|
"Access-Control-Allow-Headers",
|
|
|
|
"Access-Control-Max-Age",
|
2022-03-28 21:43:35 +00:00
|
|
|
},
|
|
|
|
Code: http.StatusOK,
|
2023-06-13 13:58:42 +00:00
|
|
|
ReqHeader: map[string]string{
|
|
|
|
"Origin": "https://tus.io",
|
|
|
|
},
|
|
|
|
}).Run(handler, t)
|
|
|
|
})
|
|
|
|
SubTest(t, "PreFlight - Wildcard Origin", func(t *testing.T, store *MockFullDataStore, composer *StoreComposer) {
|
|
|
|
composer = NewStoreComposer()
|
|
|
|
composer.UseCore(store)
|
|
|
|
|
|
|
|
handler, _ := NewHandler(Config{
|
|
|
|
StoreComposer: composer,
|
|
|
|
CorsOrigin: "*",
|
|
|
|
})
|
|
|
|
|
|
|
|
(&httpTest{
|
|
|
|
Method: "OPTIONS",
|
2022-03-28 21:43:35 +00:00
|
|
|
ResHeader: map[string]string{
|
2023-06-13 13:58:42 +00:00
|
|
|
"Access-Control-Allow-Origin": "*",
|
|
|
|
"Access-Control-Allow-Methods": "POST, HEAD, PATCH, OPTIONS, GET, DELETE",
|
2022-03-28 21:43:35 +00:00
|
|
|
"Access-Control-Allow-Headers": "Authorization, Origin, X-Requested-With, X-Request-ID, X-HTTP-Method-Override, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata, Upload-Defer-Length, Upload-Concat",
|
2016-10-13 16:08:34 +00:00
|
|
|
"Access-Control-Max-Age": "86400",
|
2023-06-13 13:58:42 +00:00
|
|
|
},
|
|
|
|
Code: http.StatusOK,
|
|
|
|
ReqHeader: map[string]string{
|
|
|
|
"Origin": "https://tus.io",
|
2016-10-13 16:08:34 +00:00
|
|
|
},
|
|
|
|
}).Run(handler, t)
|
2016-03-11 19:46:34 +00:00
|
|
|
})
|
2023-06-13 13:58:42 +00:00
|
|
|
SubTest(t, "PreFlight - Matching Origin", func(t *testing.T, store *MockFullDataStore, composer *StoreComposer) {
|
|
|
|
composer = NewStoreComposer()
|
|
|
|
composer.UseCore(store)
|
2015-02-09 18:37:06 +00:00
|
|
|
|
2016-10-13 16:08:34 +00:00
|
|
|
handler, _ := NewHandler(Config{
|
2019-08-20 14:16:05 +00:00
|
|
|
StoreComposer: composer,
|
2023-06-13 13:58:42 +00:00
|
|
|
CorsOrigin: "https://tus.io",
|
2016-10-13 16:08:34 +00:00
|
|
|
})
|
2015-02-09 18:37:06 +00:00
|
|
|
|
2016-10-13 16:08:34 +00:00
|
|
|
(&httpTest{
|
2023-06-13 13:58:42 +00:00
|
|
|
Method: "OPTIONS",
|
|
|
|
ResHeader: map[string]string{
|
|
|
|
"Access-Control-Allow-Origin": "https://tus.io",
|
|
|
|
"Access-Control-Allow-Methods": "POST, HEAD, PATCH, OPTIONS, GET, DELETE",
|
|
|
|
"Access-Control-Allow-Headers": "Authorization, Origin, X-Requested-With, X-Request-ID, X-HTTP-Method-Override, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata, Upload-Defer-Length, Upload-Concat",
|
|
|
|
"Access-Control-Max-Age": "86400",
|
|
|
|
},
|
|
|
|
Code: http.StatusOK,
|
2016-10-13 16:08:34 +00:00
|
|
|
ReqHeader: map[string]string{
|
2023-06-13 13:58:42 +00:00
|
|
|
"Origin": "https://tus.io",
|
2016-10-13 16:08:34 +00:00
|
|
|
},
|
2023-06-13 13:58:42 +00:00
|
|
|
}).Run(handler, t)
|
|
|
|
})
|
|
|
|
SubTest(t, "PreFlight - Not Matching Origin", func(t *testing.T, store *MockFullDataStore, composer *StoreComposer) {
|
|
|
|
composer = NewStoreComposer()
|
|
|
|
composer.UseCore(store)
|
|
|
|
|
|
|
|
handler, _ := NewHandler(Config{
|
|
|
|
StoreComposer: composer,
|
|
|
|
CorsOrigin: "https://tus.net",
|
|
|
|
})
|
|
|
|
|
|
|
|
(&httpTest{
|
|
|
|
Method: "OPTIONS",
|
|
|
|
DisallowedResHeader: []string{
|
|
|
|
"Access-Control-Allow-Origin",
|
|
|
|
"Access-Control-Allow-Methods",
|
|
|
|
"Access-Control-Allow-Headers",
|
|
|
|
"Access-Control-Max-Age",
|
|
|
|
},
|
|
|
|
Code: http.StatusOK,
|
|
|
|
ReqHeader: map[string]string{
|
|
|
|
"Origin": "https://tus.io",
|
|
|
|
},
|
|
|
|
}).Run(handler, t)
|
|
|
|
})
|
|
|
|
SubTest(t, "Actual Request - Wildcard Origin", func(t *testing.T, store *MockFullDataStore, composer *StoreComposer) {
|
|
|
|
composer = NewStoreComposer()
|
|
|
|
composer.UseCore(store)
|
|
|
|
|
|
|
|
handler, _ := NewHandler(Config{
|
|
|
|
StoreComposer: composer,
|
|
|
|
CorsOrigin: "*",
|
|
|
|
})
|
|
|
|
|
|
|
|
(&httpTest{
|
|
|
|
Method: "POST",
|
2016-10-13 16:08:34 +00:00
|
|
|
ResHeader: map[string]string{
|
2023-06-13 13:58:42 +00:00
|
|
|
"Access-Control-Allow-Origin": "*",
|
2018-11-10 20:10:38 +00:00
|
|
|
"Access-Control-Expose-Headers": "Upload-Offset, Location, Upload-Length, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension, Upload-Metadata, Upload-Defer-Length, Upload-Concat",
|
2023-06-13 13:58:42 +00:00
|
|
|
},
|
|
|
|
DisallowedResHeader: []string{
|
|
|
|
"Access-Control-Allow-Methods",
|
|
|
|
"Access-Control-Allow-Headers",
|
|
|
|
"Access-Control-Max-Age",
|
|
|
|
},
|
|
|
|
Code: http.StatusPreconditionFailed,
|
|
|
|
ReqHeader: map[string]string{
|
|
|
|
"Origin": "https://tus.io",
|
2016-10-13 16:08:34 +00:00
|
|
|
},
|
|
|
|
}).Run(handler, t)
|
|
|
|
})
|
2023-06-13 13:58:42 +00:00
|
|
|
SubTest(t, "Actual Request - Matching Origin", func(t *testing.T, store *MockFullDataStore, composer *StoreComposer) {
|
|
|
|
composer = NewStoreComposer()
|
|
|
|
composer.UseCore(store)
|
2017-04-12 09:52:02 +00:00
|
|
|
|
2023-06-13 13:58:42 +00:00
|
|
|
handler, _ := NewHandler(Config{
|
|
|
|
StoreComposer: composer,
|
|
|
|
CorsOrigin: "https://tus.io",
|
|
|
|
})
|
|
|
|
|
|
|
|
(&httpTest{
|
|
|
|
Method: "POST",
|
|
|
|
ResHeader: map[string]string{
|
|
|
|
"Access-Control-Allow-Origin": "https://tus.io",
|
|
|
|
"Access-Control-Expose-Headers": "Upload-Offset, Location, Upload-Length, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension, Upload-Metadata, Upload-Defer-Length, Upload-Concat",
|
|
|
|
},
|
|
|
|
DisallowedResHeader: []string{
|
|
|
|
"Access-Control-Allow-Methods",
|
|
|
|
"Access-Control-Allow-Headers",
|
|
|
|
"Access-Control-Max-Age",
|
|
|
|
},
|
|
|
|
Code: http.StatusPreconditionFailed,
|
|
|
|
ReqHeader: map[string]string{
|
|
|
|
"Origin": "https://tus.io",
|
|
|
|
},
|
|
|
|
}).Run(handler, t)
|
|
|
|
})
|
2019-08-20 14:16:05 +00:00
|
|
|
SubTest(t, "AppendHeaders", func(t *testing.T, store *MockFullDataStore, composer *StoreComposer) {
|
2017-04-12 09:52:02 +00:00
|
|
|
handler, _ := NewHandler(Config{
|
2019-08-20 14:16:05 +00:00
|
|
|
StoreComposer: composer,
|
2017-04-12 09:52:02 +00:00
|
|
|
})
|
|
|
|
|
|
|
|
req, _ := http.NewRequest("OPTIONS", "", nil)
|
|
|
|
req.Header.Set("Tus-Resumable", "1.0.0")
|
2023-06-13 13:58:42 +00:00
|
|
|
req.Header.Set("Origin", "https://tus.io")
|
2017-04-12 09:52:02 +00:00
|
|
|
req.Host = "tus.io"
|
|
|
|
|
|
|
|
res := httptest.NewRecorder()
|
2019-10-08 08:30:19 +00:00
|
|
|
res.Header().Set("Access-Control-Allow-Headers", "HEADER")
|
|
|
|
res.Header().Set("Access-Control-Allow-Methods", "METHOD")
|
2017-04-12 09:52:02 +00:00
|
|
|
handler.ServeHTTP(res, req)
|
|
|
|
|
2019-10-08 08:30:19 +00:00
|
|
|
headers := res.Header()["Access-Control-Allow-Headers"]
|
|
|
|
methods := res.Header()["Access-Control-Allow-Methods"]
|
2017-04-12 09:52:02 +00:00
|
|
|
|
|
|
|
if headers[0] != "HEADER" {
|
|
|
|
t.Errorf("expected header to contain HEADER but got: %#v", headers)
|
|
|
|
}
|
|
|
|
|
|
|
|
if methods[0] != "METHOD" {
|
2019-10-08 08:30:19 +00:00
|
|
|
t.Errorf("expected header to contain METHOD but got: %#v", methods)
|
2017-04-12 09:52:02 +00:00
|
|
|
}
|
|
|
|
})
|
2015-02-09 18:37:06 +00:00
|
|
|
}
|