add CORS live tests

devksingh4 · devksingh4 · commit 878971d2d8aa · 2025-07-05T14:01:54.000-05:00
diff --git a/tests/live/cors.test.ts b/tests/live/cors.test.ts
@@ -0,0 +1,47 @@
+import { describe, expect, test } from "vitest";
+import { getBaseEndpoint } from "./utils.js";
+
+const baseEndpoint = getBaseEndpoint();
+
+describe("CORS tests", async () => {
+  test("Events: Known URL is allowed in CORS", async () => {
+    const response = await fetch(`${baseEndpoint}/api/v1/events`, {
+      headers: {
+        Origin: "https://acmuiuc.pages.dev",
+      },
+    });
+    expect(response.status).toBe(200);
+    expect(response.headers.get("access-control-allow-origin")).toStrictEqual(
+      "https://acmuiuc.pages.dev",
+    );
+  });
+  test("Events: Unknown URL is not allowed in CORS", async () => {
+    const response = await fetch(`${baseEndpoint}/api/v1/events`, {
+      headers: {
+        Origin: "https://google.com",
+      },
+    });
+    expect(response.status).toBe(200);
+    expect(response.headers).not.toHaveProperty("access-control-allow-origin");
+  });
+  test("Membership: Known URL is allowed in CORS", async () => {
+    const response = await fetch(`${baseEndpoint}/api/v1/membership/zzzzzz`, {
+      headers: {
+        Origin: "https://acmuiuc.pages.dev",
+      },
+    });
+    expect(response.status).toBe(200);
+    expect(response.headers.get("access-control-allow-origin")).toStrictEqual(
+      "https://acmuiuc.pages.dev",
+    );
+  });
+  test("Membership: Unknown URL is not allowed in CORS", async () => {
+    const response = await fetch(`${baseEndpoint}/api/v1/membership/zzzzzz`, {
+      headers: {
+        Origin: "https://google.com",
+      },
+    });
+    expect(response.status).toBe(200);
+    expect(response.headers).not.toHaveProperty("access-control-allow-origin");
+  });
+});
