class CorsIntegrationTest in Drupal 10

Same name and namespace in other branches

8 core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php \Drupal\FunctionalTests\HttpKernel\CorsIntegrationTest
9 core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php \Drupal\FunctionalTests\HttpKernel\CorsIntegrationTest

Tests CORS provided by Drupal.

@group Http

Hierarchy

class \Drupal\Tests\BrowserTestBase extends \PHPUnit\Framework\TestCase uses \Drupal\Tests\PhpUnitCompatibilityTrait, \Symfony\Bridge\PhpUnit\ExpectDeprecationTrait, FunctionalTestSetupTrait, TestSetupTrait, BlockCreationTrait, ConfigTestTrait, ExtensionListTestTrait, ContentTypeCreationTrait, NodeCreationTrait, RandomGeneratorTrait, TestRequirementsTrait, PhpUnitWarnings, UiHelperTrait, UserCreationTrait, XdebugRequestTrait
- class \Drupal\FunctionalTests\HttpKernel\CorsIntegrationTest

Expanded class hierarchy of CorsIntegrationTest

File

core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php, line 17

Namespace

Drupal\FunctionalTests\HttpKernel

View source

class CorsIntegrationTest extends BrowserTestBase {

  /**
   * {@inheritdoc}
   */
  protected static $modules = [
    'system',
    'test_page_test',
    'page_cache',
  ];

  /**
   * {@inheritdoc}
   */
  protected $defaultTheme = 'stark';
  public function testCrossSiteRequest() {

    // Test default parameters.
    $cors_config = $this->container
      ->getParameter('cors.config');
    $this
      ->assertFalse($cors_config['enabled']);
    $this
      ->assertSame([], $cors_config['allowedHeaders']);
    $this
      ->assertSame([], $cors_config['allowedMethods']);
    $this
      ->assertSame([
      '*',
    ], $cors_config['allowedOrigins']);
    $this
      ->assertFalse($cors_config['exposedHeaders']);
    $this
      ->assertFalse($cors_config['maxAge']);
    $this
      ->assertFalse($cors_config['supportsCredentials']);

    // Enable CORS with the default options.
    $cors_config['enabled'] = TRUE;
    $this
      ->setContainerParameter('cors.config', $cors_config);
    $this
      ->rebuildContainer();

    // Fire off a request.
    $this
      ->drupalGet('/test-page', [], [
      'Origin' => 'http://example.com',
    ]);
    $this
      ->assertSession()
      ->statusCodeEquals(200);
    $this
      ->assertSession()
      ->responseHeaderEquals('X-Drupal-Cache', 'MISS');
    $this
      ->assertSession()
      ->responseHeaderEquals('Access-Control-Allow-Origin', '*');
    $this
      ->assertSession()
      ->responseHeaderNotContains('Vary', 'Origin');

    // Fire the same exact request. This time it should be cached.
    $this
      ->drupalGet('/test-page', [], [
      'Origin' => 'http://example.com',
    ]);
    $this
      ->assertSession()
      ->statusCodeEquals(200);
    $this
      ->assertSession()
      ->responseHeaderEquals('X-Drupal-Cache', 'HIT');
    $this
      ->assertSession()
      ->responseHeaderEquals('Access-Control-Allow-Origin', '*');
    $this
      ->assertSession()
      ->responseHeaderNotContains('Vary', 'Origin');

    // Fire a request for a different origin. Verify the CORS header.
    $this
      ->drupalGet('/test-page', [], [
      'Origin' => 'http://example.org',
    ]);
    $this
      ->assertSession()
      ->statusCodeEquals(200);
    $this
      ->assertSession()
      ->responseHeaderEquals('X-Drupal-Cache', 'HIT');
    $this
      ->assertSession()
      ->responseHeaderEquals('Access-Control-Allow-Origin', '*');
    $this
      ->assertSession()
      ->responseHeaderNotContains('Vary', 'Origin');

    // Configure the CORS stack to allow a specific origin.
    $cors_config['allowedOrigins'] = [
      'http://example.com',
    ];
    $this
      ->setContainerParameter('cors.config', $cors_config);
    $this
      ->rebuildContainer();

    // Fire a request from an origin that isn't allowed.

    /** @var \Symfony\Component\HttpFoundation\Response $response */
    $this
      ->drupalGet('/test-page', [], [
      'Origin' => 'http://non-valid.com',
    ]);
    $this
      ->assertSession()
      ->statusCodeEquals(200);
    $this
      ->assertSession()
      ->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
    $this
      ->assertSession()
      ->responseHeaderNotContains('Vary', 'Origin');

    // Specify a valid origin.
    $this
      ->drupalGet('/test-page', [], [
      'Origin' => 'http://example.com',
    ]);
    $this
      ->assertSession()
      ->statusCodeEquals(200);
    $this
      ->assertSession()
      ->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
    $this
      ->assertSession()
      ->responseHeaderNotContains('Vary', 'Origin');

    // Configure the CORS stack to allow a specific set of origins.
    $cors_config['allowedOrigins'] = [
      'http://example.com',
      'https://drupal.org',
    ];
    $this
      ->setContainerParameter('cors.config', $cors_config);
    $this
      ->rebuildContainer();

    // Fire a request from an origin that isn't allowed.

    /** @var \Symfony\Component\HttpFoundation\Response $response */
    $this
      ->drupalGet('/test-page', [], [
      'Origin' => 'http://non-valid.com',
    ]);
    $this
      ->assertSession()
      ->statusCodeEquals(200);
    $this
      ->assertSession()
      ->responseHeaderEquals('Access-Control-Allow-Origin', NULL);
    $this
      ->assertSession()
      ->responseHeaderContains('Vary', 'Origin');

    // Specify a valid origin.
    $this
      ->drupalGet('/test-page', [], [
      'Origin' => 'http://example.com',
    ]);
    $this
      ->assertSession()
      ->statusCodeEquals(200);
    $this
      ->assertSession()
      ->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
    $this
      ->assertSession()
      ->responseHeaderContains('Vary', 'Origin');

    // Specify a valid origin.
    $this
      ->drupalGet('/test-page', [], [
      'Origin' => 'https://drupal.org',
    ]);
    $this
      ->assertSession()
      ->statusCodeEquals(200);
    $this
      ->assertSession()
      ->responseHeaderEquals('Access-Control-Allow-Origin', 'https://drupal.org');
    $this
      ->assertSession()
      ->responseHeaderContains('Vary', 'Origin');

    // Verify POST still functions with 'Origin' header set to site's domain.
    $origin = \Drupal::request()
      ->getSchemeAndHttpHost();

    /** @var \GuzzleHttp\ClientInterface $httpClient */
    $httpClient = $this
      ->getSession()
      ->getDriver()
      ->getClient()
      ->getClient();
    $url = Url::fromUri('base:/test-page');
    $response = $httpClient
      ->request('POST', $url
      ->setAbsolute()
      ->toString(), [
      'headers' => [
        'Origin' => $origin,
      ],
    ]);
    $this
      ->assertEquals(200, $response
      ->getStatusCode());
  }

}

Members

Name	Modifiers	Type	Description	Overrides
BrowserHtmlDebugTrait::$htmlOutputBaseUrl	protected	property	The Base URI to use for links to the output files.
BrowserHtmlDebugTrait::$htmlOutputClassName	protected	property	Class name for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputCounter	protected	property	Counter for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputCounterStorage	protected	property	Counter storage for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputDirectory	protected	property	Directory name for HTML output logging.
BrowserHtmlDebugTrait::$htmlOutputEnabled	protected	property	HTML output enabled.
BrowserHtmlDebugTrait::$htmlOutputFile	protected	property	The file name to write the list of URLs to.
BrowserHtmlDebugTrait::$htmlOutputTestId	protected	property	HTML output test ID.
BrowserHtmlDebugTrait::formatHtmlOutputHeaders	protected	function	Formats HTTP headers as string for HTML output logging.
BrowserHtmlDebugTrait::getHtmlOutputHeaders	protected	function	Returns headers in HTML output format.	1
BrowserHtmlDebugTrait::getResponseLogHandler	protected	function	Provides a Guzzle middleware handler to log every response received.
BrowserHtmlDebugTrait::htmlOutput	protected	function	Logs a HTML output message in a text file.
BrowserHtmlDebugTrait::initBrowserOutputFile	protected	function	Creates the directory to store browser output.
BrowserTestBase::$baseUrl	protected	property	The base URL.
BrowserTestBase::$configImporter	protected	property	The config importer that can be used in a test.
BrowserTestBase::$customTranslations	protected	property	An array of custom translations suitable for drupal_rewrite_settings().
BrowserTestBase::$databasePrefix	protected	property	The database prefix of this test run.
BrowserTestBase::$mink	protected	property	Mink session manager.
BrowserTestBase::$minkDefaultDriverArgs	protected	property	Mink default driver params.
BrowserTestBase::$minkDefaultDriverClass	protected	property	Mink class for the default driver to use.	1
BrowserTestBase::$originalContainer	protected	property	The original container.
BrowserTestBase::$originalShutdownCallbacks	protected	property	The original array of shutdown function callbacks.
BrowserTestBase::$preserveGlobalState	protected	property
BrowserTestBase::$profile	protected	property	The profile to install as a basis for testing.	14
BrowserTestBase::$root	protected	property	The app root.
BrowserTestBase::$runTestInSeparateProcess	protected	property	Browser tests are run in separate processes to prevent collisions between code that may be loaded by tests.
BrowserTestBase::$timeLimit	protected	property	Time limit in seconds for the test.
BrowserTestBase::$translationFilesDirectory	protected	property	The translation file directory for the test environment.
BrowserTestBase::cleanupEnvironment	protected	function	Clean up the test environment.
BrowserTestBase::config	protected	function	Configuration accessor for tests. Returns non-overridden configuration.
BrowserTestBase::filePreDeleteCallback	public static	function	Ensures test files are deletable.
BrowserTestBase::getDefaultDriverInstance	protected	function	Gets an instance of the default Mink driver.
BrowserTestBase::getDrupalSettings	protected	function	Gets the JavaScript drupalSettings variable for the currently-loaded page.	1
BrowserTestBase::getHttpClient	protected	function	Obtain the HTTP client for the system under test.
BrowserTestBase::getMinkDriverArgs	protected	function	Get the Mink driver args from an environment variable, if it is set. Can be overridden in a derived class so it is possible to use a different value for a subset of tests, e.g. the JavaScript tests.	1
BrowserTestBase::getOptions	protected	function	Helper function to get the options of select field.
BrowserTestBase::getSession	public	function	Returns Mink session.
BrowserTestBase::getSessionCookies	protected	function	Get session cookies from current session.
BrowserTestBase::getTestMethodCaller	protected	function	Retrieves the current calling line in the class under test. Overrides BrowserHtmlDebugTrait::getTestMethodCaller
BrowserTestBase::initFrontPage	protected	function	Visits the front page when initializing Mink.	3
BrowserTestBase::initMink	protected	function	Initializes Mink sessions.	1
BrowserTestBase::installDrupal	public	function	Installs Drupal into the test site.	1
BrowserTestBase::registerSessions	protected	function	Registers additional Mink sessions.
BrowserTestBase::setUp	protected	function		132
BrowserTestBase::setUpAppRoot	protected	function	Sets up the root application path.
BrowserTestBase::setUpBeforeClass	public static	function
BrowserTestBase::tearDown	protected	function		2
BrowserTestBase::translatePostValues	protected	function	Transforms a nested array into a flat array suitable for submitForm().
BrowserTestBase::xpath	protected	function	Performs an xpath search on the contents of the internal browser.
BrowserTestBase::__sleep	public	function	Prevents serializing any properties.
ConfigTestTrait::configImporter	protected	function	Returns a ConfigImporter object to import test configuration.
ConfigTestTrait::copyConfig	protected	function	Copies configuration objects from source storage to target storage.
CorsIntegrationTest::$defaultTheme	protected	property	The theme to install as the default for testing. Overrides BrowserTestBase::$defaultTheme
CorsIntegrationTest::$modules	protected static	property	Modules to enable. Overrides BrowserTestBase::$modules
CorsIntegrationTest::testCrossSiteRequest	public	function
ExtensionListTestTrait::getModulePath	protected	function	Gets the path for the specified module.
ExtensionListTestTrait::getThemePath	protected	function	Gets the path for the specified theme.
FunctionalTestSetupTrait::$apcuEnsureUniquePrefix	protected	property	The flag to set 'apcu_ensure_unique_prefix' setting.	1
FunctionalTestSetupTrait::$classLoader	protected	property	The class loader to use for installation and initialization of setup.
FunctionalTestSetupTrait::$rootUser	protected	property	The "#1" admin user.
FunctionalTestSetupTrait::doInstall	protected	function	Execute the non-interactive installer.	1
FunctionalTestSetupTrait::getDatabaseTypes	protected	function	Returns all supported database driver installer objects.
FunctionalTestSetupTrait::initConfig	protected	function	Initialize various configurations post-installation.
FunctionalTestSetupTrait::initKernel	protected	function	Initializes the kernel after installation.
FunctionalTestSetupTrait::initSettings	protected	function	Initialize settings created during install.
FunctionalTestSetupTrait::initUserSession	protected	function	Initializes user 1 for the site to be installed.
FunctionalTestSetupTrait::installDefaultThemeFromClassProperty	protected	function	Installs the default theme defined by `static::$defaultTheme` when needed.
FunctionalTestSetupTrait::installModulesFromClassProperty	protected	function	Install modules defined by `static::$modules`.	1
FunctionalTestSetupTrait::installParameters	protected	function	Returns the parameters that will be used when the test installs Drupal.	4
FunctionalTestSetupTrait::prepareEnvironment	protected	function	Prepares the current environment for running the test.	21
FunctionalTestSetupTrait::prepareRequestForGenerator	protected	function	Creates a mock request and sets it on the generator.
FunctionalTestSetupTrait::prepareSettings	protected	function	Prepares site settings and services before installation.	3
FunctionalTestSetupTrait::rebuildAll	protected	function	Resets and rebuilds the environment after setup.
FunctionalTestSetupTrait::rebuildContainer	protected	function	Rebuilds \Drupal::getContainer().
FunctionalTestSetupTrait::resetAll	protected	function	Resets all data structures after having enabled new modules.
FunctionalTestSetupTrait::setContainerParameter	protected	function	Changes parameters in the services.yml file.
FunctionalTestSetupTrait::setupBaseUrl	protected	function	Sets up the base URL based upon the environment variable.
FunctionalTestSetupTrait::writeSettings	protected	function	Rewrites the settings.php file of the test site.	1
PhpUnitWarnings::$deprecationWarnings	private static	property	Deprecation warnings from PHPUnit to raise with @trigger_error().
PhpUnitWarnings::addWarning	public	function	Converts PHPUnit deprecation warnings to E_USER_DEPRECATED.
RandomGeneratorTrait::$randomGenerator	protected	property	The random generator.
RandomGeneratorTrait::getRandomGenerator	protected	function	Gets the random generator for the utility methods.
RandomGeneratorTrait::randomMachineName	protected	function	Generates a unique random string containing letters and numbers.
RandomGeneratorTrait::randomObject	public	function	Generates a random PHP object.
RandomGeneratorTrait::randomString	public	function	Generates a pseudo-random string of ASCII characters of codes 32 to 126.
RandomGeneratorTrait::randomStringValidate	public	function	Callback for random string validation.
RefreshVariablesTrait::refreshVariables	protected	function	Refreshes in-memory configuration and state information.	1
SessionTestTrait::$sessionName	protected	property	The name of the session cookie.
SessionTestTrait::generateSessionName	protected	function	Generates a session cookie name.
SessionTestTrait::getSessionName	protected	function	Returns the session name in use on the child site.
StorageCopyTrait::replaceStorageContents	protected static	function	Copy the configuration from one storage to another and remove stale items.
TestRequirementsTrait::checkModuleRequirements	private	function	Checks missing module requirements.
TestRequirementsTrait::checkRequirements	protected	function	Check module requirements for the Drupal use case.
TestRequirementsTrait::getDrupalRoot	protected static	function	Returns the Drupal root directory.
TestSetupTrait::$configSchemaCheckerExclusions	protected static	property	An array of config object names that are excluded from schema checking.
TestSetupTrait::$container	protected	property	The dependency injection container used in the test.
TestSetupTrait::$kernel	protected	property	The DrupalKernel instance used in the test.
TestSetupTrait::$originalSite	protected	property	The site directory of the original parent site.
TestSetupTrait::$privateFilesDirectory	protected	property	The private file directory for the test environment.
TestSetupTrait::$publicFilesDirectory	protected	property	The public file directory for the test environment.
TestSetupTrait::$siteDirectory	protected	property	The site directory of this test run.
TestSetupTrait::$strictConfigSchema	protected	property	Set to TRUE to strict check all configuration saved.	1
TestSetupTrait::$tempFilesDirectory	protected	property	The temporary file directory for the test environment.
TestSetupTrait::$testId	protected	property	The test run ID.
TestSetupTrait::changeDatabasePrefix	protected	function	Changes the database connection to the prefixed one.
TestSetupTrait::getConfigSchemaExclusions	protected	function	Gets the config schema exclusions for this test.
TestSetupTrait::getDatabaseConnection	public static	function	Returns the database connection to the site under test.
TestSetupTrait::prepareDatabasePrefix	protected	function	Generates a database prefix for running tests.	1
UiHelperTrait::$loggedInUser	protected	property	The current user logged in using the Mink controlled browser.
UiHelperTrait::$maximumMetaRefreshCount	protected	property	The number of meta refresh redirects to follow, or NULL if unlimited.
UiHelperTrait::$metaRefreshCount	protected	property	The number of meta refresh redirects followed during ::drupalGet().
UiHelperTrait::assertSession	public	function	Returns WebAssert object.	1
UiHelperTrait::buildUrl	protected	function	Builds an absolute URL from a system path or a URL object.
UiHelperTrait::checkForMetaRefresh	protected	function	Checks for meta refresh tag and if found call drupalGet() recursively.
UiHelperTrait::click	protected	function	Clicks the element with the given CSS selector.
UiHelperTrait::clickLink	protected	function	Follows a link by complete name.
UiHelperTrait::cssSelect	protected	function	Searches elements using a CSS selector in the raw content.
UiHelperTrait::cssSelectToXpath	protected	function	Translates a CSS expression to its XPath equivalent.
UiHelperTrait::drupalGet	protected	function	Retrieves a Drupal path or an absolute path.
UiHelperTrait::drupalLogin	protected	function	Logs in a user using the Mink controlled browser.
UiHelperTrait::drupalLogout	protected	function	Logs a user out of the Mink controlled browser and confirms.
UiHelperTrait::drupalUserIsLoggedIn	protected	function	Returns whether a given user account is logged in.
UiHelperTrait::getAbsoluteUrl	protected	function	Takes a path and returns an absolute path.
UiHelperTrait::getTextContent	protected	function	Retrieves the plain-text content from the current page.
UiHelperTrait::getUrl	protected	function	Get the current URL from the browser.
UiHelperTrait::isTestUsingGuzzleClient	protected	function	Determines if test is using DrupalTestBrowser.
UiHelperTrait::prepareRequest	protected	function	Prepare for a request to testing site.	1
UiHelperTrait::submitForm	protected	function	Fills and submits a form.
XdebugRequestTrait::extractCookiesFromRequest	protected	function	Adds xdebug cookies, from request setup.

You are here

class CorsIntegrationTest in Drupal 10

Hierarchy

See also

File

Namespace

Members

API Navigation