Skip to content

Commit af63f22

Browse files
committed
test: Cover CORS preflight optional header omission
1 parent e43c47a commit af63f22

1 file changed

Lines changed: 40 additions & 0 deletions

File tree

src/test/java/com/retailsvc/http/CorsPreflightHandlerTest.java

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -56,4 +56,44 @@ void corsPreflightHandlerReturns204WithExpectedHeadersOnValidPreflight() {
5656
.containsEntry("Access-Control-Max-Age", "600")
5757
.containsEntry("Vary", "Origin");
5858
}
59+
60+
@Test
61+
void corsPreflightHandlerOmitsAllowCredentialsWhenFalse() {
62+
RequestHandler handler =
63+
Handlers.corsPreflightHandler(ORIGINS, METHODS, HEADERS, false, Duration.ofMinutes(10));
64+
65+
Response resp = handler.handle(preflight("https://app.example.com", "POST", "content-type"));
66+
67+
assertThat(resp.headers()).doesNotContainKey("Access-Control-Allow-Credentials");
68+
}
69+
70+
@Test
71+
void corsPreflightHandlerOmitsMaxAgeWhenNull() {
72+
RequestHandler handler = Handlers.corsPreflightHandler(ORIGINS, METHODS, HEADERS, true, null);
73+
74+
Response resp = handler.handle(preflight("https://app.example.com", "POST", "content-type"));
75+
76+
assertThat(resp.headers()).doesNotContainKey("Access-Control-Max-Age");
77+
}
78+
79+
@Test
80+
void corsPreflightHandlerEmitsMaxAgeInSecondsWhenSet() {
81+
RequestHandler handler =
82+
Handlers.corsPreflightHandler(ORIGINS, METHODS, HEADERS, false, Duration.ofSeconds(75));
83+
84+
Response resp = handler.handle(preflight("https://app.example.com", "POST", "content-type"));
85+
86+
assertThat(resp.headers()).containsEntry("Access-Control-Max-Age", "75");
87+
}
88+
89+
@Test
90+
void corsPreflightHandlerOmitsAllowHeadersWhenListEmpty() {
91+
RequestHandler handler =
92+
Handlers.corsPreflightHandler(ORIGINS, METHODS, List.of(), false, null);
93+
94+
Response resp = handler.handle(preflight("https://app.example.com", "POST", ""));
95+
96+
assertThat(resp.headers()).doesNotContainKey("Access-Control-Allow-Headers");
97+
assertThat(resp.status()).isEqualTo(HTTP_NO_CONTENT);
98+
}
5999
}

0 commit comments

Comments
 (0)