Still not sure why you are sending basic headers. Maybe we should test on OPTIONS to make sure we aren't returning the credential flags?
- benoît On Tue, Dec 4, 2012 at 9:55 PM, Jan Lehnardt <[email protected]> wrote: > Bah, bad commit. I fix it in [1/3]: > > -test_auth_with_wildcard() -> > +test_credentials_with_wildcard() -> > Headers = [{"Origin", "http://example.com"}, > {"Access-Control-Request-Method", "GET"}], > case ibrowse:send_req(server(), Headers, get, [], [{basic_auth, > {"test", "test"}}]) of > {ok, _, RespHeaders, _} -> > % I would either expect the current origin or a wildcard to be > returned > - etap:is(proplists:get_value("Access-Control-Allow-Origin", > RespHeaders), > + etap:is(proplists:get_value("Access-Control-Allow-Credentials", > RespHeaders), > undefined, > - "auth with wildcard should fail"); > + "credentials with wildcard should fail"); > _ -> > etap:is(false, true, "ibrowse failed") > end. > > that should have been the original commit, not sure how I mixed this one > up. > > Sorry! > Jan > -- > > On Dec 4, 2012, at 21:44 , Benoit Chesneau <[email protected]> wrote: > > > This test is not appropriate imo. > > > > That's not that auth should fail, CORS is nothing about authorizations > > What the spec says is that we should omit credentials flags for wildcards > > origin. 
> > > > > > - Benoît > > > > > > > > > > > > > > > > On Tue, Dec 4, 2012 at 9:33 PM, <[email protected]> wrote: > > > >> add test case: auth with wildcard should fail > >> > >> > >> Project: http://git-wip-us.apache.org/repos/asf/couchdb/repo > >> Commit: http://git-wip-us.apache.org/repos/asf/couchdb/commit/95b15e41 > >> Tree: http://git-wip-us.apache.org/repos/asf/couchdb/tree/95b15e41 > >> Diff: http://git-wip-us.apache.org/repos/asf/couchdb/diff/95b15e41 > >> > >> Branch: refs/heads/431-feature-cors > >> Commit: 95b15e41aec707bdddf3f7ada92b3c8432d3293c > >> Parents: b48284c > >> Author: Jan Lehnardt <[email protected]> > >> Authored: Tue Dec 4 21:06:28 2012 +0100 > >> Committer: Jan Lehnardt <[email protected]> > >> Committed: Tue Dec 4 21:06:28 2012 +0100 > >> > >> ---------------------------------------------------------------------- > >> test/etap/231-cors.t | 22 ++++++++++++++++++---- > >> 1 files changed, 18 insertions(+), 4 deletions(-) > >> ---------------------------------------------------------------------- > >> > >> > >> > >> > http://git-wip-us.apache.org/repos/asf/couchdb/blob/95b15e41/test/etap/231-cors.t > >> ---------------------------------------------------------------------- > >> diff --git a/test/etap/231-cors.t b/test/etap/231-cors.t > >> index 9dc9fff..b5180d2 100644 > >> --- a/test/etap/231-cors.t > >> +++ b/test/etap/231-cors.t > >> @@ -32,7 +32,7 @@ server() -> > >> main(_) -> > >> test_util:init_code_path(), > >> > >> - etap:plan(17), > >> + etap:plan(18), > >> case (catch test()) of > >> ok -> > >> etap:end_tests(); 
> >> @@ -102,14 +102,14 @@ test() -> > >> > >> ok = couch_config:set("cors", "origins", "*", false), > >> test_preflight_with_wildcard(), > >> + test_auth_with_wildcard(), > >> > >> ok = couch_config:set("cors", "origins", "http://example.com", > >> false), > >> > >> > >> - % TBD > >> - % case-sensitive mismatch of allowed origins should fail > >> test_case_sensitive_mismatch_of_allowed_origins(), > >> - % auth with * Origin should fail > >> + > >> + % TBD > >> % test all cors with vhosts > >> % test multiple per-host configuration > >> > >> @@ -268,6 +268,20 @@ test_preflight_with_wildcard() -> > >> etap:is(false, true, "ibrowse failed") > >> end. > >> > >> +test_auth_with_wildcard() -> > >> + Headers = [{"Origin", "http://example.com"}, > >> + {"Access-Control-Request-Method", "GET"}], > >> + case ibrowse:send_req(server(), Headers, get, [], [{basic_auth, > >> {"test", "test"}}]) of > >> + {ok, _, RespHeaders, _} -> > >> + % I would either expect the current origin or a wildcard to be > >> returned > >> + etap:is(proplists:get_value("Access-Control-Allow-Origin", > >> RespHeaders), > >> + undefined, > >> + "auth with wildcard should fail"); > >> + _ -> > >> + etap:is(false, true, "ibrowse failed") > >> + end. > >> + > >> + > >> test_preflight_with_port1() -> > >> Headers = [{"Origin", "http://example.com:5984"}, > >> {"Access-Control-Request-Method", "GET"}], > >> > >> > >
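Review bot: In the `@@ -268,6 +268,20 @@` hunk, the assertion in `test_auth_with_wildcard()` expects `Access-Control-Allow-Origin` to be `undefined`, while the comment directly above it says the current origin or a wildcard is expected, so the comment and the check contradict each other. Decide which behaviour the test is meant to pin down and make the comment, the header name in `proplists:get_value/2` and the message string agree. The hunk also adds two blank lines after `end.` where the neighbouring tests are separated by one.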
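Review bot: In the `@@ -102,14 +102,14 @@` hunk, the new `test_auth_with_wildcard()` call has only `couch_config:set("cors", "origins", "*", false)` as its visible precondition; nothing in this hunk sets the credentials behaviour the test is about, so the result depends on whatever value happens to be in effect. Set that option explicitly next to the `origins` line so the test states its own precondition and does not pass or fail because of an earlier test's configuration.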
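Review bot: In the corrected snippet quoted in the reply, the function is renamed to `test_credentials_with_wildcard()` but the call added to `test()` in the original commit is still `test_auth_with_wildcard()`, so the call site needs the same rename. The retained comment about expecting "the current origin or a wildcard" no longer describes the assertion, which now checks `Access-Control-Allow-Credentials`. The request also still sends `Access-Control-Request-Method` on a `get`; that header belongs to a preflight, so either drop it here or cover the preflight in a separate request using OPTIONS.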
