CorsServiceProviderTest - Code Metrics - Inspection of "Add support for Access-Control-Allow-Headers" - jdesrosiers/silex-cors-provider - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — v0 ( 67b0b4...d4c491 )

by Jason

created 2017-03-09 03:53 UTC

CorsServiceProviderTest A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	335
Duplicated Lines	0 %

Coupling/Cohesion

Components	1
Dependencies	5

Importance

Changes	6
Bugs	0	Features	0

Metric	Value
wmc	14
lcom	1
cbo	5
dl	0
loc	335
rs	10
c	6
b	0
f	0

14 Methods

Rating	Name	Size	Complexity
A	setUp()	9	1
B	testCorsPreFlight()	27	1
B	testCorsPreFlightFail()	26	1
A	dataProviderAllowOrigin()	11	1
B	testAllowOriginFail()	28	1
B	testDefaultAllowMethodsWithMultipleAllow()	26	1
B	testAllowMethods()	28	1
B	testAllowOrigin()	25	1
B	testAllowCredentialsAndExposeHeaders()	26	1
A	testNotEnabledMethod()	14	1
A	testRouteWithOptionsOnlyRespondsWith404()	9	1
B	testAllowHeadersFail()	29	1
B	testAllowMethodsFail()	28	1
B	testMultipleAllowMethods()	28	1

<?php

namespace JDesrosiers\Silex\Provider\Test;

use JDesrosiers\Silex\Provider\CorsServiceProvider;
use Silex\Application;
use Symfony\Component\HttpKernel\Client;

class CorsServiceProviderTest extends \PHPUnit_Framework_TestCase
{
    protected $app;

    public function setUp()
    {
        $this->app = new Application();
        $this->app["debug"] = true;
        $this->app->register(new CorsServiceProvider(), [
            "cors.maxAge" => 15,
        ]);
        $this->app->after($this->app["cors"]);
    }

    public function testCorsPreFlight()
    {
        $this->app->get("/foo", function () {
            return "foo";
        });

        $headers = [
            "HTTP_ORIGIN" => "http://www.foo.com",
            "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
            "HTTP_ACCESS_CONTROL_REQUEST_HEADERS" => "content-type",
        ];
        $client = new Client($this->app, $headers);
        $client->request("OPTIONS", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("204", $response->getStatusCode());
        $this->assertEquals("GET", $response->headers->get("Allow"));
        $this->assertEquals("GET", $response->headers->get("Access-Control-Allow-Methods"));
        $this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
        $this->assertEquals("content-type", $response->headers->get("Access-Control-Allow-Headers"));
        $this->assertEquals("15", $response->headers->get("Access-Control-Max-Age"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
        $this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
        $this->assertFalse($response->headers->has("Content-Type"));
        $this->assertEquals("", $response->getContent());
    }

    public function testCorsPreFlightFail()
    {
        $this->app->get("/foo", function () {
            return "foo";
        });

        $headers = [
            "HTTP_ORIGIN" => "http://www.foo.com",
            "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "POST",
        ];
        $client = new Client($this->app, $headers);
        $client->request("OPTIONS", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("204", $response->getStatusCode());
        $this->assertEquals("GET", $response->headers->get("Allow"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Methods"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Origin"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
        $this->assertFalse($response->headers->has("Access-Control-Max-Age"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
        $this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
        $this->assertFalse($response->headers->has("Content-Type"));
        $this->assertEquals("", $response->getContent());
    }

    public function dataProviderAllowOrigin()
    {
        return [
            ["*"],
            ["http://www.foo.com"],
            ["*.foo.com"],
            ["http://www.foo.com http://www.bar.com"],
            ["*.foo.com http://www.bar.com"],
            ["http://www.bar.com http://www.foo.com"],
        ];
    }

    /**
     * @dataProvider dataProviderAllowOrigin
     */
    public function testAllowOrigin($domain)
    {
        $this->app["cors.allowOrigin"] = $domain;

        $this->app->get("/foo", function () {
            return "foo";
        });

        $headers = [
            "HTTP_ORIGIN" => "http://www.foo.com",
        ];
        $client = new Client($this->app, $headers);
        $client->request("GET", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("200", $response->getStatusCode());
        $this->assertFalse($response->headers->has("Access-Control-Allow-Methods"));
        $this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
        $this->assertFalse($response->headers->has("Access-Control-Max-Age"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
        $this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
        $this->assertEquals("foo", $response->getContent());
    }

    public function testAllowOriginFail()
    {
        $this->app["cors.allowOrigin"] = "http://www.bar.com";

        $this->app->get("/foo", function () {
            return "foo";
        });

        $headers = [
            "HTTP_ORIGIN" => "http://www.foo.com",
            "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
        ];
        $client = new Client($this->app, $headers);
        $client->request("OPTIONS", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("204", $response->getStatusCode());
        $this->assertEquals("GET", $response->headers->get("Allow"));
        $this->assertEquals("GET", $response->headers->get("Access-Control-Allow-Methods"));
        $this->assertEquals("null", $response->headers->get("Access-Control-Allow-Origin"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
        $this->assertEquals("15", $response->headers->get("Access-Control-Max-Age"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
        $this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
        $this->assertFalse($response->headers->has("Content-Type"));
        $this->assertEquals("", $response->getContent());
    }

    public function testDefaultAllowMethodsWithMultipleAllow()
    {
        $this->app->match("/foo", function () {
            return "foo";
        })->method("GET|POST");

        $headers = array(
            "HTTP_ORIGIN" => "http://www.foo.com",
            "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
        );
        $client = new Client($this->app, $headers);
        $client->request("OPTIONS", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("204", $response->getStatusCode());
        $this->assertEquals("GET,POST", $response->headers->get("Allow"));
        $this->assertEquals("GET", $response->headers->get("Access-Control-Allow-Methods"));
        $this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
        $this->assertEquals("15", $response->headers->get("Access-Control-Max-Age"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
        $this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
        $this->assertFalse($response->headers->has("Content-Type"));
        $this->assertEquals("", $response->getContent());
    }

    public function testAllowMethods()
    {
        $this->app["cors.allowMethods"] = "GET";

        $this->app->match("/foo", function () {
            return "foo";
        })->method("GET|POST");

        $headers = [
            "HTTP_ORIGIN" => "http://www.foo.com",
            "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
        ];
        $client = new Client($this->app, $headers);
        $client->request("OPTIONS", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("204", $response->getStatusCode());
        $this->assertEquals("GET,POST", $response->headers->get("Allow"));
        $this->assertEquals("GET", $response->headers->get("Access-Control-Allow-Methods"));
        $this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
        $this->assertEquals("15", $response->headers->get("Access-Control-Max-Age"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
        $this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
        $this->assertFalse($response->headers->has("Content-Type"));
        $this->assertEquals("", $response->getContent());
    }

    public function testAllowHeadersFail()
    {
        $this->app["cors.allowHeaders"] = "";

        $this->app->get("/foo", function () {
            return "foo";
        });

        $headers = [
            "HTTP_ORIGIN" => "http://www.foo.com",
            "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
            "HTTP_ACCESS_CONTROL_REQUEST_HEADERS" => "if-modified-since",
        ];
        $client = new Client($this->app, $headers);
        $client->request("OPTIONS", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("204", $response->getStatusCode());
        $this->assertEquals("GET", $response->headers->get("Allow"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Methods"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Origin"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
        $this->assertFalse($response->headers->has("Access-Control-Max-Age"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
        $this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
        $this->assertFalse($response->headers->has("Content-Type"));
        $this->assertEquals("", $response->getContent());
    }

    public function testAllowMethodsFail()
    {
        $this->app["cors.allowMethods"] = "GET";

        $this->app->match("/foo", function () {
            return "foo";
        })->method("GET|POST");

        $headers = [
            "HTTP_ORIGIN" => "http://www.foo.com",
            "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "POST",
        ];
        $client = new Client($this->app, $headers);
        $client->request("OPTIONS", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("204", $response->getStatusCode());
        $this->assertEquals("GET,POST", $response->headers->get("Allow"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Methods"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Origin"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
        $this->assertFalse($response->headers->has("Access-Control-Max-Age"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
        $this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
        $this->assertFalse($response->headers->has("Content-Type"));
        $this->assertEquals("", $response->getContent());
    }

    public function testMultipleAllowMethods()
    {
        $this->app["cors.allowMethods"] = "GET,POST";

        $this->app->match("/foo", function () {
            return "foo";
        })->method("GET|POST|DELETE");

        $headers = array(
            "HTTP_ORIGIN" => "http://www.foo.com",
            "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
        );
        $client = new Client($this->app, $headers);
        $client->request("OPTIONS", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("204", $response->getStatusCode());
        $this->assertEquals("GET,POST,DELETE", $response->headers->get("Allow"));
        $this->assertEquals("GET", $response->headers->get("Access-Control-Allow-Methods"));
        $this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
        $this->assertEquals("15", $response->headers->get("Access-Control-Max-Age"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
        $this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
        $this->assertFalse($response->headers->has("Content-Type"));
        $this->assertEquals("", $response->getContent());
    }

    public function testAllowCredentialsAndExposeHeaders()
    {
        $this->app["cors.allowCredentials"] = true;
        $this->app["cors.exposeHeaders"] = "Foo-Bar Baz";

        $this->app->get("/foo", function () {
            return "foo";
        });

        $headers = [
            "HTTP_ORIGIN" => "http://www.foo.com",
        ];
        $client = new Client($this->app, $headers);
        $client->request("GET", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("200", $response->getStatusCode());
        $this->assertFalse($response->headers->has("Access-Control-Allow-Methods"));
        $this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
        $this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
        $this->assertFalse($response->headers->has("Access-Control-Max-Age"));
        $this->assertEquals("true", $response->headers->get("Access-Control-Allow-Credentials"));
        $this->assertEquals("Foo-Bar Baz", $response->headers->get("Access-Control-Expose-Headers"));
        $this->assertEquals("foo", $response->getContent());
    }

    public function testNotEnabledMethod()
    {
        $this->app->post("/foo", function () {
            return "foo";
        });

        $client = new Client($this->app);
        $client->request("GET", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("405", $response->getStatusCode());
        $this->assertEquals("POST, OPTIONS", $response->headers->get("Allow"));
    }

    public function testRouteWithOptionsOnlyRespondsWith404()
    {
        $client = new Client($this->app);
        $client->request("GET", "/foo");

        $response = $client->getResponse();

        $this->assertEquals("404", $response->getStatusCode());
    }
}


1			<?php
2
3			namespace JDesrosiers\Silex\Provider\Test;
4
5			use JDesrosiers\Silex\Provider\CorsServiceProvider;
6			use Silex\Application;
7			use Symfony\Component\HttpKernel\Client;
8
9			class CorsServiceProviderTest extends \PHPUnit_Framework_TestCase
10			{
11			protected $app;
12
13			public function setUp()
14			{
15			$this->app = new Application();
16			$this->app["debug"] = true;
17			$this->app->register(new CorsServiceProvider(), [
18			"cors.maxAge" => 15,
19			]);
20			$this->app->after($this->app["cors"]);
21			}
22
23			public function testCorsPreFlight()
24			{
25			$this->app->get("/foo", function () {
26			return "foo";
27			});
28
29			$headers = [
30			"HTTP_ORIGIN" => "http://www.foo.com",
31			"HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
32			"HTTP_ACCESS_CONTROL_REQUEST_HEADERS" => "content-type",
33			];
34			$client = new Client($this->app, $headers);
35			$client->request("OPTIONS", "/foo");
36
37			$response = $client->getResponse();
38
39			$this->assertEquals("204", $response->getStatusCode());
40			$this->assertEquals("GET", $response->headers->get("Allow"));
41			$this->assertEquals("GET", $response->headers->get("Access-Control-Allow-Methods"));
42			$this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
43			$this->assertEquals("content-type", $response->headers->get("Access-Control-Allow-Headers"));
44			$this->assertEquals("15", $response->headers->get("Access-Control-Max-Age"));
45			$this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
46			$this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
47			$this->assertFalse($response->headers->has("Content-Type"));
48			$this->assertEquals("", $response->getContent());
49			}
50
51			public function testCorsPreFlightFail()
52			{
53			$this->app->get("/foo", function () {
54			return "foo";
55			});
56
57			$headers = [
58			"HTTP_ORIGIN" => "http://www.foo.com",
59			"HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "POST",
60			];
61			$client = new Client($this->app, $headers);
62			$client->request("OPTIONS", "/foo");
63
64			$response = $client->getResponse();
65
66			$this->assertEquals("204", $response->getStatusCode());
67			$this->assertEquals("GET", $response->headers->get("Allow"));
68			$this->assertFalse($response->headers->has("Access-Control-Allow-Methods"));
69			$this->assertFalse($response->headers->has("Access-Control-Allow-Origin"));
70			$this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
71			$this->assertFalse($response->headers->has("Access-Control-Max-Age"));
72			$this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
73			$this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
74			$this->assertFalse($response->headers->has("Content-Type"));
75			$this->assertEquals("", $response->getContent());
76			}
77
78			public function dataProviderAllowOrigin()
79			{
80			return [
81			["*"],
82			["http://www.foo.com"],
83			["*.foo.com"],
84			["http://www.foo.com http://www.bar.com"],
85			["*.foo.com http://www.bar.com"],
86			["http://www.bar.com http://www.foo.com"],
87			];
88			}
89
90			/**
91			* @dataProvider dataProviderAllowOrigin
92			*/
93			public function testAllowOrigin($domain)
94			{
95			$this->app["cors.allowOrigin"] = $domain;
96
97			$this->app->get("/foo", function () {
98			return "foo";
99			});
100
101			$headers = [
102			"HTTP_ORIGIN" => "http://www.foo.com",
103			];
104			$client = new Client($this->app, $headers);
105			$client->request("GET", "/foo");
106
107			$response = $client->getResponse();
108
109			$this->assertEquals("200", $response->getStatusCode());
110			$this->assertFalse($response->headers->has("Access-Control-Allow-Methods"));
111			$this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
112			$this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
113			$this->assertFalse($response->headers->has("Access-Control-Max-Age"));
114			$this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
115			$this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
116			$this->assertEquals("foo", $response->getContent());
117			}
118
119			public function testAllowOriginFail()
120			{
121			$this->app["cors.allowOrigin"] = "http://www.bar.com";
122
123			$this->app->get("/foo", function () {
124			return "foo";
125			});
126
127			$headers = [
128			"HTTP_ORIGIN" => "http://www.foo.com",
129			"HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
130			];
131			$client = new Client($this->app, $headers);
132			$client->request("OPTIONS", "/foo");
133
134			$response = $client->getResponse();
135
136			$this->assertEquals("204", $response->getStatusCode());
137			$this->assertEquals("GET", $response->headers->get("Allow"));
138			$this->assertEquals("GET", $response->headers->get("Access-Control-Allow-Methods"));
139			$this->assertEquals("null", $response->headers->get("Access-Control-Allow-Origin"));
140			$this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
141			$this->assertEquals("15", $response->headers->get("Access-Control-Max-Age"));
142			$this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
143			$this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
144			$this->assertFalse($response->headers->has("Content-Type"));
145			$this->assertEquals("", $response->getContent());
146			}
147
148			public function testDefaultAllowMethodsWithMultipleAllow()
149			{
150			$this->app->match("/foo", function () {
151			return "foo";
152			})->method("GET\|POST");
153
154			$headers = array(
155			"HTTP_ORIGIN" => "http://www.foo.com",
156			"HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
157			);
158			$client = new Client($this->app, $headers);
159			$client->request("OPTIONS", "/foo");
160
161			$response = $client->getResponse();
162
163			$this->assertEquals("204", $response->getStatusCode());
164			$this->assertEquals("GET,POST", $response->headers->get("Allow"));
165			$this->assertEquals("GET", $response->headers->get("Access-Control-Allow-Methods"));
166			$this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
167			$this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
168			$this->assertEquals("15", $response->headers->get("Access-Control-Max-Age"));
169			$this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
170			$this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
171			$this->assertFalse($response->headers->has("Content-Type"));
172			$this->assertEquals("", $response->getContent());
173			}
174
175			public function testAllowMethods()
176			{
177			$this->app["cors.allowMethods"] = "GET";
178
179			$this->app->match("/foo", function () {
180			return "foo";
181			})->method("GET\|POST");
182
183			$headers = [
184			"HTTP_ORIGIN" => "http://www.foo.com",
185			"HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
186			];
187			$client = new Client($this->app, $headers);
188			$client->request("OPTIONS", "/foo");
189
190			$response = $client->getResponse();
191
192			$this->assertEquals("204", $response->getStatusCode());
193			$this->assertEquals("GET,POST", $response->headers->get("Allow"));
194			$this->assertEquals("GET", $response->headers->get("Access-Control-Allow-Methods"));
195			$this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
196			$this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
197			$this->assertEquals("15", $response->headers->get("Access-Control-Max-Age"));
198			$this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
199			$this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
200			$this->assertFalse($response->headers->has("Content-Type"));
201			$this->assertEquals("", $response->getContent());
202			}
203
204			public function testAllowHeadersFail()
205			{
206			$this->app["cors.allowHeaders"] = "";
207
208			$this->app->get("/foo", function () {
209			return "foo";
210			});
211
212			$headers = [
213			"HTTP_ORIGIN" => "http://www.foo.com",
214			"HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
215			"HTTP_ACCESS_CONTROL_REQUEST_HEADERS" => "if-modified-since",
216			];
217			$client = new Client($this->app, $headers);
218			$client->request("OPTIONS", "/foo");
219
220			$response = $client->getResponse();
221
222			$this->assertEquals("204", $response->getStatusCode());
223			$this->assertEquals("GET", $response->headers->get("Allow"));
224			$this->assertFalse($response->headers->has("Access-Control-Allow-Methods"));
225			$this->assertFalse($response->headers->has("Access-Control-Allow-Origin"));
226			$this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
227			$this->assertFalse($response->headers->has("Access-Control-Max-Age"));
228			$this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
229			$this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
230			$this->assertFalse($response->headers->has("Content-Type"));
231			$this->assertEquals("", $response->getContent());
232			}
233
234			public function testAllowMethodsFail()
235			{
236			$this->app["cors.allowMethods"] = "GET";
237
238			$this->app->match("/foo", function () {
239			return "foo";
240			})->method("GET\|POST");
241
242			$headers = [
243			"HTTP_ORIGIN" => "http://www.foo.com",
244			"HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "POST",
245			];
246			$client = new Client($this->app, $headers);
247			$client->request("OPTIONS", "/foo");
248
249			$response = $client->getResponse();
250
251			$this->assertEquals("204", $response->getStatusCode());
252			$this->assertEquals("GET,POST", $response->headers->get("Allow"));
253			$this->assertFalse($response->headers->has("Access-Control-Allow-Methods"));
254			$this->assertFalse($response->headers->has("Access-Control-Allow-Origin"));
255			$this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
256			$this->assertFalse($response->headers->has("Access-Control-Max-Age"));
257			$this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
258			$this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
259			$this->assertFalse($response->headers->has("Content-Type"));
260			$this->assertEquals("", $response->getContent());
261			}
262
263			public function testMultipleAllowMethods()
264			{
265			$this->app["cors.allowMethods"] = "GET,POST";
266
267			$this->app->match("/foo", function () {
268			return "foo";
269			})->method("GET\|POST\|DELETE");
270
271			$headers = array(
272			"HTTP_ORIGIN" => "http://www.foo.com",
273			"HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
274			);
275			$client = new Client($this->app, $headers);
276			$client->request("OPTIONS", "/foo");
277
278			$response = $client->getResponse();
279
280			$this->assertEquals("204", $response->getStatusCode());
281			$this->assertEquals("GET,POST,DELETE", $response->headers->get("Allow"));
282			$this->assertEquals("GET", $response->headers->get("Access-Control-Allow-Methods"));
283			$this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
284			$this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
285			$this->assertEquals("15", $response->headers->get("Access-Control-Max-Age"));
286			$this->assertFalse($response->headers->has("Access-Control-Allow-Credentials"));
287			$this->assertFalse($response->headers->has("Access-Control-Expose-Headers"));
288			$this->assertFalse($response->headers->has("Content-Type"));
289			$this->assertEquals("", $response->getContent());
290			}
291
292			public function testAllowCredentialsAndExposeHeaders()
293			{
294			$this->app["cors.allowCredentials"] = true;
295			$this->app["cors.exposeHeaders"] = "Foo-Bar Baz";
296
297			$this->app->get("/foo", function () {
298			return "foo";
299			});
300
301			$headers = [
302			"HTTP_ORIGIN" => "http://www.foo.com",
303			];
304			$client = new Client($this->app, $headers);
305			$client->request("GET", "/foo");
306
307			$response = $client->getResponse();
308
309			$this->assertEquals("200", $response->getStatusCode());
310			$this->assertFalse($response->headers->has("Access-Control-Allow-Methods"));
311			$this->assertEquals("http://www.foo.com", $response->headers->get("Access-Control-Allow-Origin"));
312			$this->assertFalse($response->headers->has("Access-Control-Allow-Headers"));
313			$this->assertFalse($response->headers->has("Access-Control-Max-Age"));
314			$this->assertEquals("true", $response->headers->get("Access-Control-Allow-Credentials"));
315			$this->assertEquals("Foo-Bar Baz", $response->headers->get("Access-Control-Expose-Headers"));
316			$this->assertEquals("foo", $response->getContent());
317			}
318
319			public function testNotEnabledMethod()
320			{
321			$this->app->post("/foo", function () {
322			return "foo";
323			});
324
325			$client = new Client($this->app);
326			$client->request("GET", "/foo");
327
328			$response = $client->getResponse();
329
330			$this->assertEquals("405", $response->getStatusCode());
331			$this->assertEquals("POST, OPTIONS", $response->headers->get("Allow"));
332			}
333
334			public function testRouteWithOptionsOnlyRespondsWith404()
335			{
336			$client = new Client($this->app);
337			$client->request("GET", "/foo");
338
339			$response = $client->getResponse();
340
341			$this->assertEquals("404", $response->getStatusCode());
342			}
343			}
344

jdesrosiers / silex-cors-provider

GitHub Access Token became invalid

Push — v0 ( 67b0b4...d4c491 )

CorsServiceProviderTest A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

14 Methods

Duplication Side-by-Side

Filter issues like