-
-
Notifications
You must be signed in to change notification settings - Fork 10
Expand file tree
/
Copy pathCorsTestFixture.cs
More file actions
87 lines (71 loc) · 2.91 KB
/
Copy pathCorsTestFixture.cs
File metadata and controls
87 lines (71 loc) · 2.91 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
namespace NpgsqlRestTests.Setup;
[CollectionDefinition("CorsTestFixture")]
public class CorsTestFixtureCollection : ICollectionFixture<CorsTestFixture> { }
/// <summary>
/// Test fixture for CORS (Cross-Origin Resource Sharing) tests.
/// Creates a web application with CORS enabled to verify:
/// - Preflight OPTIONS requests work correctly
/// - AllowedOrigins restricts correctly
/// - AllowCredentials header is present when configured
/// - Methods/Headers filtering works
/// </summary>
public class CorsTestFixture : IDisposable
{
private readonly WebApplication _app;
private readonly HttpClient _client;
public HttpClient Client => _client;
public string ServerAddress { get; }
/// <summary>
/// The allowed origin used in CORS configuration
/// </summary>
public const string AllowedOrigin = "https://allowed-origin.example.com";
/// <summary>
/// A disallowed origin for testing rejection
/// </summary>
public const string DisallowedOrigin = "https://disallowed-origin.example.com";
public CorsTestFixture()
{
var connectionString = Database.Create();
var builder = WebApplication.CreateBuilder();
builder.WebHost.UseUrls("http://127.0.0.1:0");
// Configure CORS with specific settings
builder.Services.AddCors(options =>
{
options.AddPolicy("TestCorsPolicy", policy =>
{
policy.WithOrigins(AllowedOrigin)
.WithMethods("GET", "POST", "PUT", "DELETE")
.WithHeaders("Content-Type", "Authorization", "X-Custom-Header")
.AllowCredentials()
.SetPreflightMaxAge(TimeSpan.FromMinutes(10));
});
});
_app = builder.Build();
// CORS must be before routing/endpoints
_app.UseCors("TestCorsPolicy");
// Add NpgsqlRest for API endpoint testing
_app.UseNpgsqlRest(new NpgsqlRestOptions(connectionString)
{
IncludeSchemas = ["public"],
NameNotSimilarTo = "(cp[_x]|rlpt[_]|ast[_])%", // exclude functions owned by CacheProfilesTestFixture, RateLimiterPartitionTestFixture, and AuthSchemeTestFixture
CommentsMode = CommentsMode.ParseAll,
RequiresAuthorization = false
});
_app.StartAsync().GetAwaiter().GetResult();
ServerAddress = _app.Urls.First();
// Create HttpClient without any default headers
_client = new HttpClient { BaseAddress = new Uri(ServerAddress) };
_client.Timeout = TimeSpan.FromMinutes(5);
}
#pragma warning disable CA1816
public void Dispose()
#pragma warning restore CA1816
{
_client.Dispose();
_app.StopAsync().GetAwaiter().GetResult();
_app.DisposeAsync().GetAwaiter().GetResult();
}
}