Bah, bad commit. I fix it in [1/3]:
-test_auth_with_wildcard() ->
+test_credentials_with_wildcard() ->
Headers = [{"Origin", "http://example.com"},
{"Access-Control-Request-Method", "GET"}],
case ibrowse:send_req(server(), Headers, get, [], [{basic_auth, {"test",
"test"}}]) of
{ok, _, RespHeaders, _} ->
% I would either expect the current origin or a wildcard to be returned
- etap:is(proplists:get_value("Access-Control-Allow-Origin",
RespHeaders),
+ etap:is(proplists:get_value("Access-Control-Allow-Credentials",
RespHeaders),
undefined,
- "auth with wildcard should fail");
+ "credentials with wildcard should fail");
_ ->
etap:is(false, true, "ibrowse failed")
end.
that should have been the original commit, not sure how I mixed this one up.
Sorry!
Jan
--
On Dec 4, 2012, at 21:44 , Benoit Chesneau <[email protected]> wrote:
> This test is not appropriate imo.
>
> That's not that auth should fails, CORS is nothing about authorizations
> What the spec says is that we should omit credentials flags for wildcards
> origin.
>
>
> - BenoƮt
>
>
>
>
>
>
>
> On Tue, Dec 4, 2012 at 9:33 PM, <[email protected]> wrote:
>
>> add test case: auth with wildcard should fail
>>
>>
>> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo
>> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/95b15e41
>> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/95b15e41
>> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/95b15e41
>>
>> Branch: refs/heads/431-feature-cors
>> Commit: 95b15e41aec707bdddf3f7ada92b3c8432d3293c
>> Parents: b48284c
>> Author: Jan Lehnardt <[email protected]>
>> Authored: Tue Dec 4 21:06:28 2012 +0100
>> Committer: Jan Lehnardt <[email protected]>
>> Committed: Tue Dec 4 21:06:28 2012 +0100
>>
>> ----------------------------------------------------------------------
>> test/etap/231-cors.t | 22 ++++++++++++++++++----
>> 1 files changed, 18 insertions(+), 4 deletions(-)
>> ----------------------------------------------------------------------
>>
>>
>>
>> http://git-wip-us.apache.org/repos/asf/couchdb/blob/95b15e41/test/etap/231-cors.t
>> ----------------------------------------------------------------------
>> diff --git a/test/etap/231-cors.t b/test/etap/231-cors.t
>> index 9dc9fff..b5180d2 100644
>> --- a/test/etap/231-cors.t
>> +++ b/test/etap/231-cors.t
>> @@ -32,7 +32,7 @@ server() ->
>> main(_) ->
>> test_util:init_code_path(),
>>
>> - etap:plan(17),
>> + etap:plan(18),
>> case (catch test()) of
>> ok ->
>> etap:end_tests();
>> @@ -102,14 +102,14 @@ test() ->
>>
>> ok = couch_config:set("cors", "origins", "*", false),
>> test_preflight_with_wildcard(),
>> + test_auth_with_wildcard(),
>>
>> ok = couch_config:set("cors", "origins", "http://example.com";,
>> false),
>>
>>
>> - % TBD
>> - % case-sensitive mismatch of allowed origins should fail
>> test_case_sensitive_mismatch_of_allowed_origins(),
>> - % auth with * Origin should fail
>> +
>> + % TBD
>> % test all cors with vhosts
>> % test multiple per-host configuration
>>
>> @@ -268,6 +268,20 @@ test_preflight_with_wildcard() ->
>> etap:is(false, true, "ibrowse failed")
>> end.
>>
>> +test_auth_with_wildcard() ->
>> + Headers = [{"Origin", "http://example.com"},
>> + {"Access-Control-Request-Method", "GET"}],
>> + case ibrowse:send_req(server(), Headers, get, [], [{basic_auth,
>> {"test", "test"}}]) of
>> + {ok, _, RespHeaders, _} ->
>> + % I would either expect the current origin or a wildcard to be
>> returned
>> + etap:is(proplists:get_value("Access-Control-Allow-Origin",
>> RespHeaders),
>> + undefined,
>> + "auth with wildcard should fail");
>> + _ ->
>> + etap:is(false, true, "ibrowse failed")
>> + end.
>> +
>> +
>> test_preflight_with_port1() ->
>> Headers = [{"Origin", "http://example.com:5984"},
>> {"Access-Control-Request-Method", "GET"}],
>>
>>
