Skip to content

Commit b9954e6

Browse files
committed
test: Cover CORS preflight case-insensitivity, Vary, list overload
1 parent 58ac1de commit b9954e6

1 file changed

Lines changed: 45 additions & 0 deletions

File tree

src/test/java/com/retailsvc/http/CorsPreflightHandlerTest.java

Lines changed: 45 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616
import java.util.List;
1717
import java.util.Locale;
1818
import java.util.Map;
19+
import java.util.function.Predicate;
1920
import java.util.function.UnaryOperator;
2021
import org.junit.jupiter.api.Test;
2122

@@ -167,4 +168,48 @@ void corsPreflightHandlerRejectsUnknownMethodTokenWith403() {
167168

168169
assertThat(resp.status()).isEqualTo(HTTP_FORBIDDEN);
169170
}
171+
172+
@Test
173+
void corsPreflightHandlerMatchesHeadersCaseInsensitively() {
174+
RequestHandler handler =
175+
Handlers.corsPreflightHandler(
176+
ORIGINS, METHODS, List.of("Content-Type", "Authorization"), false, null);
177+
178+
Response resp =
179+
handler.handle(preflight("https://app.example.com", "POST", "CONTENT-TYPE, authorization"));
180+
181+
assertThat(resp.status()).isEqualTo(HTTP_NO_CONTENT);
182+
}
183+
184+
@Test
185+
void corsPreflightHandlerEchoesOriginAndIncludesVary() {
186+
Predicate<String> anyExampleOrigin = o -> o.endsWith(".example.com");
187+
RequestHandler handler =
188+
Handlers.corsPreflightHandler(anyExampleOrigin, METHODS, HEADERS, false, null);
189+
190+
Response resp =
191+
handler.handle(preflight("https://tenant-7.example.com", "POST", "content-type"));
192+
193+
assertThat(resp.status()).isEqualTo(HTTP_NO_CONTENT);
194+
assertThat(resp.headers())
195+
.containsEntry("Access-Control-Allow-Origin", "https://tenant-7.example.com")
196+
.containsEntry("Vary", "Origin");
197+
}
198+
199+
@Test
200+
void corsPreflightHandlerListOverloadDelegatesToPredicateBehaviour() {
201+
RequestHandler list =
202+
Handlers.corsPreflightHandler(
203+
List.of("https://a.example.com", "https://b.example.com"),
204+
METHODS,
205+
HEADERS,
206+
false,
207+
null);
208+
209+
Response allowed = list.handle(preflight("https://b.example.com", "POST", "content-type"));
210+
Response denied = list.handle(preflight("https://c.example.com", "POST", "content-type"));
211+
212+
assertThat(allowed.status()).isEqualTo(HTTP_NO_CONTENT);
213+
assertThat(denied.status()).isEqualTo(HTTP_FORBIDDEN);
214+
}
170215
}

0 commit comments

Comments
 (0)