mirror
/
tiangolo.fastapi
mirror of https://github.com/tiangolo/fastapi
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge 807f17e18a into 1d434dec47

pull/13469/merge
alv2017 5 days ago
committed by GitHub
parent
1d434dec47 807f17e18a
commit
e7196643e2
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
1 changed files with 111 additions and 35 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 146
      tests/test_tutorial/test_cors/test_tutorial001.py

146
tests/test_tutorial/test_cors/test_tutorial001.py
View File

@ -1,37 +1,113 @@
import pytest
from fastapi.testclient import TestClient from fastapi.testclient import TestClient
from docs_src.cors.tutorial001 import app from docs_src.cors.tutorial001 import app, origins
def test_cors(): @pytest.fixture(name="client")
client = TestClient(app) def get_test_client():
# Test pre-flight response return TestClient(app)
headers = {
"Origin": "https://localhost.tiangolo.com",
"Access-Control-Request-Method": "GET", class TestCORS:
"Access-Control-Request-Headers": "X-Example", allowed_origins = origins
}
response = client.options("/", headers=headers) @pytest.mark.parametrize("allowed_origin_url", origins)
assert response.status_code == 200, response.text def test_preflight_with_allowed_origin(self, client, allowed_origin_url):
assert response.text == "OK" origin_url = allowed_origin_url
assert ( headers = {
response.headers["access-control-allow-origin"] "Origin": origin_url,
== "https://localhost.tiangolo.com" "Access-Control-Request-Method": "GET",
) "Access-Control-Request-Headers": "X-Example-1, X-Example-2",
assert response.headers["access-control-allow-headers"] == "X-Example" }
response = client.options("/", headers=headers)
# Test standard response assert origin_url in self.allowed_origins
headers = {"Origin": "https://localhost.tiangolo.com"} # response
response = client.get("/", headers=headers) assert response.status_code == 200
assert response.status_code == 200, response.text assert response.text == "OK"
assert response.json() == {"message": "Hello World"} # response headers: cors
assert ( assert "access-control-allow-methods" in response.headers
response.headers["access-control-allow-origin"] assert "access-control-allow-credentials" in response.headers
== "https://localhost.tiangolo.com" assert "access-control-max-age" in response.headers
) assert "access-control-allow-headers" in response.headers
assert (
# Test non-CORS response response.headers["access-control-allow-headers"]
response = client.get("/") == "X-Example-1, X-Example-2"
assert response.status_code == 200, response.text )
assert response.json() == {"message": "Hello World"} # response headers: cors: origin
assert "access-control-allow-origin" not in response.headers assert "access-control-allow-origin" in response.headers
assert response.headers["access-control-allow-origin"] == origin_url
def test_preflight_with_not_allowed_origin(self, client):
origin_url = "https://www.example.com"
headers = {
"Origin": origin_url,
"Access-Control-Request-Method": "GET",
"Access-Control-Request-Headers": "X-Example-1, X-Example-2",
}
response = client.options("/", headers=headers)
assert origin_url not in self.allowed_origins
# response
assert response.status_code == 400
assert response.text == "Disallowed CORS origin"
# response headers: cors
assert "access-control-allow-methods" in response.headers
assert "access-control-allow-credentials" in response.headers
assert "access-control-max-age" in response.headers
assert "access-control-allow-headers" in response.headers
assert (
response.headers["access-control-allow-headers"]
== "X-Example-1, X-Example-2"
)
# response headers: cors: origin
assert "access-control-allow-origin" not in response.headers
@pytest.mark.parametrize("allowed_origin_url", origins)
def test_simple_response_with_allowed_origin(self, client, allowed_origin_url):
origin_url = allowed_origin_url
headers = {
"Origin": origin_url,
}
response = client.get("/", headers=headers)
assert origin_url in self.allowed_origins
# response
assert response.status_code == 200
assert response.json() == {"message": "Hello World"}
# response headers: cors
assert "access-control-allow-methods" not in response.headers
assert "access-control-allow-credentials" in response.headers
assert "access-control-max-age" not in response.headers
assert "access-control-allow-headers" not in response.headers
# response headers: cors: origin
assert "access-control-allow-origin" in response.headers
assert response.headers["access-control-allow-origin"] == origin_url
def test_simple_response_with_not_allowed_origin(self, client):
origin_url = "https://example.com"
headers = {
"Origin": origin_url,
}
response = client.get("/", headers=headers)
assert origin_url not in self.allowed_origins
# response
assert response.status_code == 200
assert response.json() == {"message": "Hello World"}
# response headers: cors
assert "access-control-allow-methods" not in response.headers
assert "access-control-allow-credentials" in response.headers
assert "access-control-max-age" not in response.headers
assert "access-control-allow-headers" not in response.headers
# response headers: cors: origin
assert "access-control-allow-origin" not in response.headers
def test_non_cors_response(self, client):
response = client.get("/")
# response
assert response.status_code == 200, response.text
assert response.json() == {"message": "Hello World"}
# response headers: cors
assert "access-control-allow-methods" not in response.headers
assert "access-control-allow-credentials" not in response.headers
assert "access-control-max-age" not in response.headers
assert "access-control-allow-headers" not in response.headers
assert "access-control-allow-origin" not in response.headers

Write Preview
Loading…
Cancel
Save