
Commit 518f4d9

committed
add preflight CORS live tests
1 parent 878971d commit 518f4d9


1 file changed

+48
-0
lines changed


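--- a/tests/live/cors.test.ts
+++ b/tests/live/cors.test.ts
@@ -4,6 +4,19 @@ import { getBaseEndpoint } from "./utils.js";
 const baseEndpoint = getBaseEndpoint();
 
 describe("CORS tests", async () => {
+test("Events: Known URL is preflight allowed in CORS", async () => {
+const response = await fetch(`${baseEndpoint}/api/v1/events`, {
+method: "OPTIONS",
+headers: {
+"Access-Control-Request-Method": "GET",
+Origin: "https://acmuiuc.pages.dev",
+},
+});
+expect(response.status).toBe(204);
+expect(response.headers.get("access-control-allow-origin")).toStrictEqual(
+"https://acmuiuc.pages.dev",
+);
+});
 test("Events: Known URL is allowed in CORS", async () => {
 const response = await fetch(`${baseEndpoint}/api/v1/events`, {
 headers: {
@@ -15,6 +28,17 @@ describe("CORS tests", async () => {
 "https://acmuiuc.pages.dev",
 );
 });
+test("Events: Unknown URL is preflight not allowed in CORS", async () => {
+const response = await fetch(`${baseEndpoint}/api/v1/events`, {
+method: "OPTIONS",
+headers: {
+"Access-Control-Request-Method": "GET",
+Origin: "https://google.com",
+},
+});
+expect(response.status).toBe(204);
+expect(response.headers).not.toHaveProperty("access-control-allow-origin");
+});
 test("Events: Unknown URL is not allowed in CORS", async () => {
 const response = await fetch(`${baseEndpoint}/api/v1/events`, {
 headers: {
@@ -35,6 +59,19 @@ describe("CORS tests", async () => {
 "https://acmuiuc.pages.dev",
 );
 });
+test("Membership: Known URL is preflight allowed in CORS", async () => {
+const response = await fetch(`${baseEndpoint}/api/v1/membership/zzzzzz`, {
+method: "OPTIONS",
+headers: {
+"Access-Control-Request-Method": "GET",
+Origin: "https://acmuiuc.pages.dev",
+},
+});
+expect(response.status).toBe(204);
+expect(response.headers.get("access-control-allow-origin")).toStrictEqual(
+"https://acmuiuc.pages.dev",
+);
+});
 test("Membership: Unknown URL is not allowed in CORS", async () => {
 const response = await fetch(`${baseEndpoint}/api/v1/membership/zzzzzz`, {
 headers: {
@@ -44,4 +81,15 @@ describe("CORS tests", async () => {
 expect(response.status).toBe(200);
 expect(response.headers).not.toHaveProperty("access-control-allow-origin");
 });
+test("Membership: Unknown URL is preflight not allowed in CORS", async () => {
+const response = await fetch(`${baseEndpoint}/api/v1/membership/zzzzzz`, {
+method: "OPTIONS",
+headers: {
+"Access-Control-Request-Method": "GET",
+Origin: "https://google.com",
+},
+});
+expect(response.status).toBe(204);
+expect(response.headers).not.toHaveProperty("access-control-allow-origin");
+});
 });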
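Review bot: The two unknown-origin preflight tests (new lines 40 and 93) assert `expect(response.headers).not.toHaveProperty("access-control-allow-origin")`, but `response.headers` is a fetch `Headers` object whose entries are not exposed as object properties, so this negative assertion passes whatever the server sends back, including a reflected origin or `*`. These are the tests meant to catch an over-permissive CORS policy, so they should read the header the same way the known-origin tests do: `expect(response.headers.get("access-control-allow-origin")).toBeNull();`. The unchanged non-preflight test at new line 82 uses the same pattern and has the same blind spot.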
