public function testReturnNullForDifferentSchemeOnWildcardSubDomainOrigin() { $request = new HttpRequest(); $request->getHeaders()->addHeaderLine('Origin', 'https://example.com'); $this->corsOptions->setAllowedOrigins(array('http://*.example.com')); $response = $this->corsService->createPreflightCorsResponse($request); $headers = $response->getHeaders(); $this->assertEquals('null', $headers->get('Access-Control-Allow-Origin')->getFieldValue()); }
public function testReturnNothingForNormalAuthorizedCorsRequest() { $mvcEvent = new MvcEvent(); $request = new HttpRequest(); $response = new HttpResponse(); $request->getHeaders()->addHeaderLine('Origin', 'http://example.com'); $this->corsOptions->setAllowedOrigins(array('http://example.com')); $mvcEvent->setRequest($request)->setResponse($response); $this->assertNull($this->corsListener->onCorsRequest($mvcEvent)); }
public function testCanModifyOptions() { $options = new CorsOptions(); $options->setAllowedOrigins(array('http://example1.com', 'http://example2.com')); $this->assertEquals(array('http://example1.com', 'http://example2.com'), $options->getAllowedOrigins()); $options->setAllowedMethods(array('POST', 'GET')); $this->assertEquals(array('POST', 'GET'), $options->getAllowedMethods()); $options->setAllowedHeaders(array('Content-Type')); $this->assertEquals(array('Content-Type'), $options->getAllowedHeaders()); $options->setMaxAge(30); $this->assertEquals(30, $options->getMaxAge()); $options->setExposedHeaders(array('Location', 'X-Custom-Header')); $this->assertEquals(array('Location', 'X-Custom-Header'), $options->getExposedHeaders()); $options->setAllowedCredentials(true); $this->assertTrue($options->getAllowedCredentials()); }