couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject Re: [2/3] git commit: add test case: auth with wildcard should fail
Date Tue, 04 Dec 2012 20:55:10 GMT
Bah, bad commit. I fix it in [1/3]:

-test_auth_with_wildcard() ->
+test_credentials_with_wildcard() ->
    Headers = [{"Origin", "http://example.com"},
               {"Access-Control-Request-Method", "GET"}],
    case ibrowse:send_req(server(), Headers, get, [], [{basic_auth, {"test", "test"}}]) of
    {ok, _, RespHeaders, _}  ->
        % I would either expect the current origin or a wildcard to be returned
-        etap:is(proplists:get_value("Access-Control-Allow-Origin", RespHeaders),
+        etap:is(proplists:get_value("Access-Control-Allow-Credentials", RespHeaders),
            undefined,
-            "auth with wildcard should fail");
+            "credentials with wildcard should fail");
    _ ->
        etap:is(false, true, "ibrowse failed")
    end.

that should have been the original commit, not sure how I mixed this one up.

Sorry!
Jan
--

On Dec 4, 2012, at 21:44 , Benoit Chesneau <bchesneau@gmail.com> wrote:

> This test is not appropriate imo.
> 
> That's not that auth should fails, CORS is nothing about authorizations
> What the spec says is that we should omit credentials flags for wildcards
> origin.
> 
> 
> - BenoƮt
> 
> 
> 
> 
> 
> 
> 
> On Tue, Dec 4, 2012 at 9:33 PM, <jan@apache.org> wrote:
> 
>> add test case: auth with wildcard should fail
>> 
>> 
>> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
>> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/95b15e41
>> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/95b15e41
>> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/95b15e41
>> 
>> Branch: refs/heads/431-feature-cors
>> Commit: 95b15e41aec707bdddf3f7ada92b3c8432d3293c
>> Parents: b48284c
>> Author: Jan Lehnardt <jan@apache.org>
>> Authored: Tue Dec 4 21:06:28 2012 +0100
>> Committer: Jan Lehnardt <jan@apache.org>
>> Committed: Tue Dec 4 21:06:28 2012 +0100
>> 
>> ----------------------------------------------------------------------
>> test/etap/231-cors.t |   22 ++++++++++++++++++----
>> 1 files changed, 18 insertions(+), 4 deletions(-)
>> ----------------------------------------------------------------------
>> 
>> 
>> 
>> http://git-wip-us.apache.org/repos/asf/couchdb/blob/95b15e41/test/etap/231-cors.t
>> ----------------------------------------------------------------------
>> diff --git a/test/etap/231-cors.t b/test/etap/231-cors.t
>> index 9dc9fff..b5180d2 100644
>> --- a/test/etap/231-cors.t
>> +++ b/test/etap/231-cors.t
>> @@ -32,7 +32,7 @@ server() ->
>> main(_) ->
>>     test_util:init_code_path(),
>> 
>> -    etap:plan(17),
>> +    etap:plan(18),
>>     case (catch test()) of
>>         ok ->
>>             etap:end_tests();
>> @@ -102,14 +102,14 @@ test() ->
>> 
>>     ok = couch_config:set("cors", "origins", "*", false),
>>     test_preflight_with_wildcard(),
>> +    test_auth_with_wildcard(),
>> 
>>     ok = couch_config:set("cors", "origins", "http://example.com",
>> false),
>> 
>> 
>> -    % TBD
>> -    % case-sensitive mismatch of allowed origins should fail
>>     test_case_sensitive_mismatch_of_allowed_origins(),
>> -    % auth with * Origin should fail
>> +
>> +    % TBD
>>     % test all cors with vhosts
>>     % test multiple per-host configuration
>> 
>> @@ -268,6 +268,20 @@ test_preflight_with_wildcard() ->
>>         etap:is(false, true, "ibrowse failed")
>>     end.
>> 
>> +test_auth_with_wildcard() ->
>> +    Headers = [{"Origin", "http://example.com"},
>> +               {"Access-Control-Request-Method", "GET"}],
>> +    case ibrowse:send_req(server(), Headers, get, [], [{basic_auth,
>> {"test", "test"}}]) of
>> +    {ok, _, RespHeaders, _}  ->
>> +        % I would either expect the current origin or a wildcard to be
>> returned
>> +        etap:is(proplists:get_value("Access-Control-Allow-Origin",
>> RespHeaders),
>> +            undefined,
>> +            "auth with wildcard should fail");
>> +    _ ->
>> +        etap:is(false, true, "ibrowse failed")
>> +    end.
>> +
>> +
>> test_preflight_with_port1() ->
>>     Headers = [{"Origin", "http://example.com:5984"},
>>                {"Access-Control-Request-Method", "GET"}],
>> 
>> 


Mime
View raw message