This test is not appropriate imo. That's not that auth should fails, CORS is nothing about authorizations What the spec says is that we should omit credentials flags for wildcards origin.
- BenoƮt On Tue, Dec 4, 2012 at 9:33 PM, <[email protected]> wrote: > add test case: auth with wildcard should fail > > > Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo > Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/95b15e41 > Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/95b15e41 > Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/95b15e41 > > Branch: refs/heads/431-feature-cors > Commit: 95b15e41aec707bdddf3f7ada92b3c8432d3293c > Parents: b48284c > Author: Jan Lehnardt <[email protected]> > Authored: Tue Dec 4 21:06:28 2012 +0100 > Committer: Jan Lehnardt <[email protected]> > Committed: Tue Dec 4 21:06:28 2012 +0100 > > ---------------------------------------------------------------------- > test/etap/231-cors.t | 22 ++++++++++++++++++---- > 1 files changed, 18 insertions(+), 4 deletions(-) > ---------------------------------------------------------------------- > > > > http://git-wip-us.apache.org/repos/asf/couchdb/blob/95b15e41/test/etap/231-cors.t > ---------------------------------------------------------------------- > diff --git a/test/etap/231-cors.t b/test/etap/231-cors.t > index 9dc9fff..b5180d2 100644 > --- a/test/etap/231-cors.t > +++ b/test/etap/231-cors.t > @@ -32,7 +32,7 @@ server() -> > main(_) -> > test_util:init_code_path(), > > - etap:plan(17), > + etap:plan(18), > case (catch test()) of > ok -> > etap:end_tests(); > @@ -102,14 +102,14 @@ test() -> > > ok = couch_config:set("cors", "origins", "*", false), > test_preflight_with_wildcard(), > + test_auth_with_wildcard(), > > ok = couch_config:set("cors", "origins", "http://example.com";, > false), > > > - % TBD > - % case-sensitive mismatch of allowed origins should fail > test_case_sensitive_mismatch_of_allowed_origins(), > - % auth with * Origin should fail > + > + % TBD > % test all cors with vhosts > % test multiple per-host configuration > > @@ -268,6 +268,20 @@ test_preflight_with_wildcard() -> > etap:is(false, true, "ibrowse failed") > end. > > +test_auth_with_wildcard() -> > + Headers = [{"Origin", "http://example.com"}, > + {"Access-Control-Request-Method", "GET"}], > + case ibrowse:send_req(server(), Headers, get, [], [{basic_auth, > {"test", "test"}}]) of > + {ok, _, RespHeaders, _} -> > + % I would either expect the current origin or a wildcard to be > returned > + etap:is(proplists:get_value("Access-Control-Allow-Origin", > RespHeaders), > + undefined, > + "auth with wildcard should fail"); > + _ -> > + etap:is(false, true, "ibrowse failed") > + end. > + > + > test_preflight_with_port1() -> > Headers = [{"Origin", "http://example.com:5984"}, > {"Access-Control-Request-Method", "GET"}], > >
