couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benoit Chesneau <bchesn...@gmail.com>
Subject Re: [2/3] git commit: add test case: auth with wildcard should fail
Date Tue, 04 Dec 2012 20:44:20 GMT
This test is not appropriate imo.

 That's not that auth should fails, CORS is nothing about authorizations
What the spec says is that we should omit credentials flags for wildcards
origin.


- BenoƮt







On Tue, Dec 4, 2012 at 9:33 PM, <jan@apache.org> wrote:

> add test case: auth with wildcard should fail
>
>
> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/95b15e41
> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/95b15e41
> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/95b15e41
>
> Branch: refs/heads/431-feature-cors
> Commit: 95b15e41aec707bdddf3f7ada92b3c8432d3293c
> Parents: b48284c
> Author: Jan Lehnardt <jan@apache.org>
> Authored: Tue Dec 4 21:06:28 2012 +0100
> Committer: Jan Lehnardt <jan@apache.org>
> Committed: Tue Dec 4 21:06:28 2012 +0100
>
> ----------------------------------------------------------------------
>  test/etap/231-cors.t |   22 ++++++++++++++++++----
>  1 files changed, 18 insertions(+), 4 deletions(-)
> ----------------------------------------------------------------------
>
>
>
> http://git-wip-us.apache.org/repos/asf/couchdb/blob/95b15e41/test/etap/231-cors.t
> ----------------------------------------------------------------------
> diff --git a/test/etap/231-cors.t b/test/etap/231-cors.t
> index 9dc9fff..b5180d2 100644
> --- a/test/etap/231-cors.t
> +++ b/test/etap/231-cors.t
> @@ -32,7 +32,7 @@ server() ->
>  main(_) ->
>      test_util:init_code_path(),
>
> -    etap:plan(17),
> +    etap:plan(18),
>      case (catch test()) of
>          ok ->
>              etap:end_tests();
> @@ -102,14 +102,14 @@ test() ->
>
>      ok = couch_config:set("cors", "origins", "*", false),
>      test_preflight_with_wildcard(),
> +    test_auth_with_wildcard(),
>
>      ok = couch_config:set("cors", "origins", "http://example.com",
> false),
>
>
> -    % TBD
> -    % case-sensitive mismatch of allowed origins should fail
>      test_case_sensitive_mismatch_of_allowed_origins(),
> -    % auth with * Origin should fail
> +
> +    % TBD
>      % test all cors with vhosts
>      % test multiple per-host configuration
>
> @@ -268,6 +268,20 @@ test_preflight_with_wildcard() ->
>          etap:is(false, true, "ibrowse failed")
>      end.
>
> +test_auth_with_wildcard() ->
> +    Headers = [{"Origin", "http://example.com"},
> +               {"Access-Control-Request-Method", "GET"}],
> +    case ibrowse:send_req(server(), Headers, get, [], [{basic_auth,
> {"test", "test"}}]) of
> +    {ok, _, RespHeaders, _}  ->
> +        % I would either expect the current origin or a wildcard to be
> returned
> +        etap:is(proplists:get_value("Access-Control-Allow-Origin",
> RespHeaders),
> +            undefined,
> +            "auth with wildcard should fail");
> +    _ ->
> +        etap:is(false, true, "ibrowse failed")
> +    end.
> +
> +
>  test_preflight_with_port1() ->
>      Headers = [{"Origin", "http://example.com:5984"},
>                 {"Access-Control-Request-Method", "GET"}],
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message