public function testReturnNullForDifferentSchemeOnWildcardSubDomainOrigin()
{
$request = new HttpRequest();
$request->getHeaders()->addHeaderLine('Origin', 'https://example.com');
$this->corsOptions->setAllowedOrigins(array('http://*.example.com'));
$response = $this->corsService->createPreflightCorsResponse($request);
$headers = $response->getHeaders();
$this->assertEquals('null', $headers->get('Access-Control-Allow-Origin')->getFieldValue());
}
public function testReturnNothingForNormalAuthorizedCorsRequest()
{
$mvcEvent = new MvcEvent();
$request = new HttpRequest();
$response = new HttpResponse();
$request->getHeaders()->addHeaderLine('Origin', 'http://example.com');
$this->corsOptions->setAllowedOrigins(array('http://example.com'));
$mvcEvent->setRequest($request)->setResponse($response);
$this->assertNull($this->corsListener->onCorsRequest($mvcEvent));
}
public function testCanModifyOptions()
{
$options = new CorsOptions();
$options->setAllowedOrigins(array('http://example1.com', 'http://example2.com'));
$this->assertEquals(array('http://example1.com', 'http://example2.com'), $options->getAllowedOrigins());
$options->setAllowedMethods(array('POST', 'GET'));
$this->assertEquals(array('POST', 'GET'), $options->getAllowedMethods());
$options->setAllowedHeaders(array('Content-Type'));
$this->assertEquals(array('Content-Type'), $options->getAllowedHeaders());
$options->setMaxAge(30);
$this->assertEquals(30, $options->getMaxAge());
$options->setExposedHeaders(array('Location', 'X-Custom-Header'));
$this->assertEquals(array('Location', 'X-Custom-Header'), $options->getExposedHeaders());
$options->setAllowedCredentials(true);
$this->assertTrue($options->getAllowedCredentials());
}
