
public function CorsResponseEventSubscriberTest::testCorsResponseHeaders in farmOS 2.x

Tests that CORS response headers are correctly added.

File

modules/core/api/tests/src/Functional/CorsResponseEventSubscriberTest.php, line 51

Class

CorsResponseEventSubscriberTest
Tests that CORS headers are properly added.

Namespace

Drupal\Tests\farm_api\Functional

Code

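/**
 * Tests that CORS response headers are added only for allowed origins.
 *
 * Sends OPTIONS requests to the API root with no Origin header, with an
 * Origin that is not configured on the consumer, and with Origins that are,
 * and checks the response after each with assertValidCorsHeaders().
 */
public function testCorsResponseHeaders() {
  $uri = "base://api";
  // Initialize explicitly rather than relying on array auto-vivification.
  $request_options = [];
  $request_options[RequestOptions::HEADERS]['Accept'] = 'application/vnd.api+json';

  // A request with no Origin should not have CORS headers on the response.
  // assertValidCorsHeaders() is defined outside this method; called without
  // an origin argument it serves here as the "no CORS headers" check.
  $response = $this->request('OPTIONS', Url::fromUri($uri), $request_options);
  $this->assertSame(200, $response->getStatusCode());
  $this->assertValidCorsHeaders($response);

  // Try an origin that no consumer allows yet: it must not get CORS headers.
  // NOTE(review): browsers send the Origin host lower-cased, while this
  // value is mixed-case; confirm how the subscriber compares origins.
  $farmos_app_origin = 'https://farmOS.app';
  $request_options[RequestOptions::HEADERS]['Origin'] = $farmos_app_origin;
  $response = $this->request('OPTIONS', Url::fromUri($uri), $request_options);
  $this->assertSame(200, $response->getStatusCode());
  $this->assertValidCorsHeaders($response);

  // Configure an allowed origin on the consumer.
  $this->consumer->set('allowed_origins', [$farmos_app_origin]);
  $this->consumer->save();

  // The same request must now echo the allowed origin.
  $response = $this->request('OPTIONS', Url::fromUri($uri), $request_options);
  $this->assertSame(200, $response->getStatusCode());
  $this->assertValidCorsHeaders($response, $farmos_app_origin);

  // Add another allowed_origin and test that multiple allowed origins work.
  $custom_app_origin = 'https://customApp.com';
  $allowed_origins = [$farmos_app_origin, $custom_app_origin];
  $this->consumer->set('allowed_origins', $allowed_origins);
  $this->consumer->save();

  // Each configured origin must be accepted and echoed back individually.
  foreach ($allowed_origins as $allowed_origin) {
    $request_options[RequestOptions::HEADERS]['Origin'] = $allowed_origin;
    $response = $this->request('OPTIONS', Url::fromUri($uri), $request_options);
    $this->assertSame(200, $response->getStatusCode());
    $this->assertValidCorsHeaders($response, $allowed_origin);
  }

  // An origin outside the list must still be refused once the allowlist is
  // non-empty. The earlier negative case ran against an empty allowlist, so
  // it would not catch a subscriber that reflects any Origin after
  // configuration. The origin below is a constructed sample value.
  $request_options[RequestOptions::HEADERS]['Origin'] = 'https://unlisted.example';
  $response = $this->request('OPTIONS', Url::fromUri($uri), $request_options);
  $this->assertSame(200, $response->getStatusCode());
  $this->assertValidCorsHeaders($response);
}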