dirtydishes/islandflow
1
0
Fork 0
Code Issues 3 Pull requests 5 Projects Releases Packages Wiki Activity Actions
islandflow/services/api/tests/cors.test.ts
dirtydishes ce65e7b45f
All checks were successful
CI / Validate (pull_request) Successful in 1m15s
Details
fix pr ci validation
2026-06-14 15:37:14 -04:00

79 lines
2.7 KiB
TypeScript
Raw Permalink Blame History

import { describe, expect, it } from "bun:test";
import {
createCorsPreflightResponse,
parseCorsAllowedOrigins,
resolveCorsOrigin,
withCorsHeaders
} from "../src/cors";
describe("api cors helpers", () => {
const allowedOrigins = parseCorsAllowedOrigins(
"https://flow.deltaisland.io, http://127.0.0.1:3000/, http://localhost:3100"
);
it("normalizes configured origins", () => {
expect(allowedOrigins.has("https://flow.deltaisland.io")).toBe(true);
expect(allowedOrigins.has("http://127.0.0.1:3000")).toBe(true);
expect(allowedOrigins.has("http://localhost:3100")).toBe(true);
expect(allowedOrigins.has("http://127.0.0.1:3000/")).toBe(false);
});
it("reflects allowed browser origins", () => {
const req = new Request("https://api.flow.deltaisland.io/prints/options", {
headers: {
origin: "http://127.0.0.1:3000"
}
});
expect(resolveCorsOrigin(req, allowedOrigins)).toBe("http://127.0.0.1:3000");
});
it("does not reflect unknown origins", () => {
const req = new Request("https://api.flow.deltaisland.io/prints/options", {
headers: {
origin: "http://evil.example"
}
});
expect(resolveCorsOrigin(req, allowedOrigins)).toBeNull();
});
it("adds cors headers to normal responses for allowed origins", async () => {
const req = new Request("https://api.flow.deltaisland.io/health", {
headers: {
origin: "https://flow.deltaisland.io"
}
});
const response = withCorsHeaders(
req,
new Response(JSON.stringify({ status: "ok" }), {
headers: {
"content-type": "application/json"
}
}),
allowedOrigins
);
expect(response.headers.get("access-control-allow-origin")).toBe("https://flow.deltaisland.io");
expect(response.headers.get("vary")).toBe("Origin");
expect(response.headers.get("content-type")).toBe("application/json");
expect(await response.json()).toEqual({ status: "ok" });
});
it("answers preflight requests for allowed origins", () => {
const req = new Request("https://api.flow.deltaisland.io/lookup/options-support", {
method: "OPTIONS",
headers: {
origin: "http://localhost:3100",
"access-control-request-method": "POST",
"access-control-request-headers": "content-type,authorization"
}
});
const response = createCorsPreflightResponse(req, allowedOrigins);
expect(response.status).toBe(204);
expect(response.headers.get("access-control-allow-origin")).toBe("http://localhost:3100");
expect(response.headers.get("access-control-allow-methods")).toContain("POST");
expect(response.headers.get("access-control-allow-headers")).toBe("content-type,authorization");
});
});
Reference in a new issue View git blame Copy permalink