parent
456248eabf
commit
ff1deabf55
|
@ -4,6 +4,7 @@ rust:
|
|||
- nightly
|
||||
# Minimum Rust set by Rocket
|
||||
- nightly-2018-01-13
|
||||
cache: cargo
|
||||
env:
|
||||
global:
|
||||
- TRAVIS_CARGO_NIGHTLY_FEATURE=""
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
[package]
|
||||
name = "rocket_cors"
|
||||
version = "0.2.1"
|
||||
version = "0.2.2"
|
||||
license = "Apache-2.0"
|
||||
authors = ["Yong Wen Chua <me@yongwen.xyz>"]
|
||||
description = "Cross-origin resource sharing (CORS) for Rocket.rs applications"
|
||||
|
|
|
@ -29,7 +29,7 @@ work, but they are subject to the minimum that Rocket sets.
|
|||
Add the following to Cargo.toml:
|
||||
|
||||
```toml
|
||||
rocket_cors = "0.2.1"
|
||||
rocket_cors = "0.2.2"
|
||||
```
|
||||
|
||||
To use the latest `master` branch, for example:
|
||||
|
|
|
@ -4,7 +4,7 @@ extern crate rocket;
|
|||
extern crate rocket_cors;
|
||||
|
||||
use rocket::http::Method;
|
||||
use rocket_cors::{AllowedOrigins, AllowedHeaders};
|
||||
use rocket_cors::{AllowedHeaders, AllowedOrigins};
|
||||
|
||||
#[get("/")]
|
||||
fn cors<'a>() -> &'a str {
|
||||
|
|
|
@ -7,7 +7,7 @@ use std::io::Cursor;
|
|||
|
||||
use rocket::Response;
|
||||
use rocket::http::Method;
|
||||
use rocket_cors::{Guard, AllowedOrigins, AllowedHeaders, Responder};
|
||||
use rocket_cors::{AllowedHeaders, AllowedOrigins, Guard, Responder};
|
||||
|
||||
/// Using a `Responder` -- the usual way you would use this
|
||||
#[get("/")]
|
||||
|
|
|
@ -6,7 +6,7 @@ extern crate rocket_cors as cors;
|
|||
extern crate serde_json;
|
||||
|
||||
use rocket::http::Method;
|
||||
use cors::{Cors, AllowedOrigins, AllowedHeaders};
|
||||
use cors::{AllowedHeaders, AllowedOrigins, Cors};
|
||||
|
||||
fn main() {
|
||||
// The default demonstrates the "All" serialization of several of the settings
|
||||
|
|
|
@ -5,17 +5,17 @@ extern crate rocket_cors;
|
|||
|
||||
use std::io::Cursor;
|
||||
|
||||
use rocket::{State, Response};
|
||||
use rocket::{Response, State};
|
||||
use rocket::http::Method;
|
||||
use rocket::response::Responder;
|
||||
use rocket_cors::{Cors, AllowedOrigins, AllowedHeaders};
|
||||
use rocket_cors::{AllowedHeaders, AllowedOrigins, Cors};
|
||||
|
||||
/// Using a borrowed Cors
|
||||
#[get("/")]
|
||||
fn borrowed<'r>(options: State<'r, Cors>) -> impl Responder<'r> {
|
||||
options.inner().respond_borrowed(
|
||||
|guard| guard.responder("Hello CORS"),
|
||||
)
|
||||
options
|
||||
.inner()
|
||||
.respond_borrowed(|guard| guard.responder("Hello CORS"))
|
||||
}
|
||||
|
||||
/// Using a `Response` instead of a `Responder`. You generally won't have to do this.
|
||||
|
@ -24,9 +24,9 @@ fn response<'r>(options: State<'r, Cors>) -> impl Responder<'r> {
|
|||
let mut response = Response::new();
|
||||
response.set_sized_body(Cursor::new("Hello CORS!"));
|
||||
|
||||
options.inner().respond_borrowed(
|
||||
move |guard| guard.response(response),
|
||||
)
|
||||
options
|
||||
.inner()
|
||||
.respond_borrowed(move |guard| guard.response(response))
|
||||
}
|
||||
|
||||
/// Create and use an ad-hoc Cors
|
||||
|
|
|
@ -10,7 +10,7 @@ extern crate rocket_cors;
|
|||
|
||||
use rocket::http::Method;
|
||||
use rocket::response::Responder;
|
||||
use rocket_cors::{Cors, Guard, AllowedOrigins, AllowedHeaders};
|
||||
use rocket_cors::{AllowedHeaders, AllowedOrigins, Cors, Guard};
|
||||
|
||||
/// The "usual" app route
|
||||
#[get("/")]
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
//! Fairing implementation
|
||||
use std::str::FromStr;
|
||||
|
||||
use rocket::{self, Request, Outcome};
|
||||
use rocket::http::{self, Status, Header};
|
||||
use rocket::{self, Outcome, Request};
|
||||
use rocket::http::{self, Header, Status};
|
||||
|
||||
use {Cors, Error, validate, preflight_response, actual_request_response, origin, request_headers};
|
||||
use {actual_request_response, origin, preflight_response, request_headers, validate, Cors, Error};
|
||||
|
||||
/// An injected header to quickly give the result of CORS
|
||||
static CORS_HEADER: &str = "ROCKET-CORS";
|
||||
|
@ -82,9 +82,10 @@ fn on_response_wrapper(
|
|||
};
|
||||
|
||||
// Get validation result from injected header
|
||||
let injected_header = request.headers().get_one(CORS_HEADER).ok_or_else(|| {
|
||||
Error::MissingInjectedHeader
|
||||
})?;
|
||||
let injected_header = request
|
||||
.headers()
|
||||
.get_one(CORS_HEADER)
|
||||
.ok_or_else(|| Error::MissingInjectedHeader)?;
|
||||
let result = InjectedHeader::from_str(injected_header)?;
|
||||
|
||||
if let InjectedHeader::Failure = result {
|
||||
|
@ -107,9 +108,7 @@ fn on_response_wrapper(
|
|||
//
|
||||
// TODO: Is there anyway we can make this smarter? Only modify status codes for
|
||||
// requests where an actual route exist?
|
||||
if request.method() == http::Method::Options &&
|
||||
request.route().is_none()
|
||||
{
|
||||
if request.method() == http::Method::Options && request.route().is_none() {
|
||||
info_!(
|
||||
"CORS Fairing: Turned missing route {} into an OPTIONS pre-flight request",
|
||||
request
|
||||
|
@ -124,16 +123,14 @@ impl rocket::fairing::Fairing for Cors {
|
|||
fn info(&self) -> rocket::fairing::Info {
|
||||
rocket::fairing::Info {
|
||||
name: "CORS",
|
||||
kind: rocket::fairing::Kind::Attach | rocket::fairing::Kind::Request |
|
||||
rocket::fairing::Kind::Response,
|
||||
kind: rocket::fairing::Kind::Attach | rocket::fairing::Kind::Request
|
||||
| rocket::fairing::Kind::Response,
|
||||
}
|
||||
}
|
||||
|
||||
fn on_attach(&self, rocket: rocket::Rocket) -> Result<rocket::Rocket, rocket::Rocket> {
|
||||
match self.validate() {
|
||||
Ok(()) => {
|
||||
Ok(rocket.mount(&self.fairing_route_base, vec![fairing_route()]))
|
||||
}
|
||||
Ok(()) => Ok(rocket.mount(&self.fairing_route_base, vec![fairing_route()])),
|
||||
Err(e) => {
|
||||
error_!("Error attaching CORS fairing: {}", e);
|
||||
Err(rocket)
|
||||
|
@ -170,7 +167,7 @@ mod tests {
|
|||
use rocket::http::{Method, Status};
|
||||
use rocket::local::Client;
|
||||
|
||||
use {Cors, AllOrSome, AllowedOrigins, AllowedHeaders};
|
||||
use {AllOrSome, AllowedHeaders, AllowedOrigins, Cors};
|
||||
|
||||
const CORS_ROOT: &'static str = "/my_cors";
|
||||
|
||||
|
@ -214,9 +211,9 @@ mod tests {
|
|||
let rocket = rocket(make_cors_options());
|
||||
|
||||
let expected_uri = format!("{}/<status>", CORS_ROOT);
|
||||
let error_route = rocket.routes().find(|r| {
|
||||
r.method == Method::Get && r.uri.as_str() == expected_uri
|
||||
});
|
||||
let error_route = rocket
|
||||
.routes()
|
||||
.find(|r| r.method == Method::Get && r.uri.as_str() == expected_uri);
|
||||
assert!(error_route.is_some());
|
||||
}
|
||||
|
||||
|
|
|
@ -20,8 +20,7 @@ use url_serde;
|
|||
#[derive(Eq, PartialEq, Clone, Debug, Hash)]
|
||||
#[cfg_attr(feature = "serialization", derive(Serialize, Deserialize))]
|
||||
pub struct HeaderFieldName(
|
||||
#[cfg_attr(feature = "serialization", serde(with = "unicase_serde::unicase"))]
|
||||
UniCase<String>
|
||||
#[cfg_attr(feature = "serialization", serde(with = "unicase_serde::unicase"))] UniCase<String>,
|
||||
);
|
||||
|
||||
impl Deref for HeaderFieldName {
|
||||
|
@ -64,10 +63,7 @@ pub type HeaderFieldNamesSet = HashSet<HeaderFieldName>;
|
|||
/// A wrapped `url::Url` to allow for deserialization
|
||||
#[derive(Eq, PartialEq, Clone, Hash, Debug)]
|
||||
#[cfg_attr(feature = "serialization", derive(Serialize, Deserialize))]
|
||||
pub struct Url(
|
||||
#[cfg_attr(feature = "serialization", serde(with = "url_serde"))]
|
||||
url::Url
|
||||
);
|
||||
pub struct Url(#[cfg_attr(feature = "serialization", serde(with = "url_serde"))] url::Url);
|
||||
|
||||
impl fmt::Display for Url {
|
||||
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
|
||||
|
@ -97,12 +93,10 @@ impl<'a, 'r> FromRequest<'a, 'r> for Url {
|
|||
|
||||
fn from_request(request: &'a rocket::Request<'r>) -> request::Outcome<Self, ::Error> {
|
||||
match request.headers().get_one("Origin") {
|
||||
Some(origin) => {
|
||||
match Self::from_str(origin) {
|
||||
Ok(origin) => Outcome::Success(origin),
|
||||
Err(e) => Outcome::Failure((Status::BadRequest, ::Error::BadOrigin(e))),
|
||||
}
|
||||
}
|
||||
Some(origin) => match Self::from_str(origin) {
|
||||
Ok(origin) => Outcome::Success(origin),
|
||||
Err(e) => Outcome::Failure((Status::BadRequest, ::Error::BadOrigin(e))),
|
||||
},
|
||||
None => Outcome::Forward(()),
|
||||
}
|
||||
}
|
||||
|
@ -134,12 +128,10 @@ impl<'a, 'r> FromRequest<'a, 'r> for AccessControlRequestMethod {
|
|||
|
||||
fn from_request(request: &'a rocket::Request<'r>) -> request::Outcome<Self, ::Error> {
|
||||
match request.headers().get_one("Access-Control-Request-Method") {
|
||||
Some(request_method) => {
|
||||
match Self::from_str(request_method) {
|
||||
Ok(request_method) => Outcome::Success(request_method),
|
||||
Err(e) => Outcome::Failure((Status::BadRequest, ::Error::BadRequestMethod(e))),
|
||||
}
|
||||
}
|
||||
Some(request_method) => match Self::from_str(request_method) {
|
||||
Ok(request_method) => Outcome::Success(request_method),
|
||||
Err(e) => Outcome::Failure((Status::BadRequest, ::Error::BadRequestMethod(e))),
|
||||
},
|
||||
None => Outcome::Forward(()),
|
||||
}
|
||||
}
|
||||
|
@ -175,14 +167,12 @@ impl<'a, 'r> FromRequest<'a, 'r> for AccessControlRequestHeaders {
|
|||
|
||||
fn from_request(request: &'a rocket::Request<'r>) -> request::Outcome<Self, ::Error> {
|
||||
match request.headers().get_one("Access-Control-Request-Headers") {
|
||||
Some(request_headers) => {
|
||||
match Self::from_str(request_headers) {
|
||||
Ok(request_headers) => Outcome::Success(request_headers),
|
||||
Err(()) => {
|
||||
unreachable!("`AccessControlRequestHeaders::from_str` should never fail")
|
||||
}
|
||||
Some(request_headers) => match Self::from_str(request_headers) {
|
||||
Ok(request_headers) => Outcome::Success(request_headers),
|
||||
Err(()) => {
|
||||
unreachable!("`AccessControlRequestHeaders::from_str` should never fail")
|
||||
}
|
||||
}
|
||||
},
|
||||
None => Outcome::Forward(()),
|
||||
}
|
||||
}
|
||||
|
|
269
src/lib.rs
269
src/lib.rs
|
@ -27,7 +27,7 @@
|
|||
//! Add the following to Cargo.toml:
|
||||
//!
|
||||
//! ```toml
|
||||
//! rocket_cors = "0.2.1"
|
||||
//! rocket_cors = "0.2.2"
|
||||
//! ```
|
||||
//!
|
||||
//! To use the latest `master` branch, for example:
|
||||
|
@ -43,7 +43,7 @@
|
|||
//! your `Cargo.toml` to:
|
||||
//!
|
||||
//! ```toml
|
||||
//! rocket_cors = { version = "0.2.1", default-features = false }
|
||||
//! rocket_cors = { version = "0.2.2", default-features = false }
|
||||
//! ```
|
||||
//!
|
||||
//! ## Usage
|
||||
|
@ -473,56 +473,18 @@
|
|||
//!
|
||||
//! ```
|
||||
|
||||
#![allow(
|
||||
legacy_directory_ownership,
|
||||
missing_copy_implementations,
|
||||
missing_debug_implementations,
|
||||
unknown_lints,
|
||||
unsafe_code,
|
||||
)]
|
||||
#![deny(
|
||||
const_err,
|
||||
dead_code,
|
||||
deprecated,
|
||||
exceeding_bitshifts,
|
||||
improper_ctypes,
|
||||
missing_docs,
|
||||
mutable_transmutes,
|
||||
no_mangle_const_items,
|
||||
non_camel_case_types,
|
||||
non_shorthand_field_patterns,
|
||||
non_upper_case_globals,
|
||||
overflowing_literals,
|
||||
path_statements,
|
||||
plugin_as_library,
|
||||
private_no_mangle_fns,
|
||||
private_no_mangle_statics,
|
||||
stable_features,
|
||||
trivial_casts,
|
||||
trivial_numeric_casts,
|
||||
unconditional_recursion,
|
||||
unknown_crate_types,
|
||||
unreachable_code,
|
||||
unused_allocation,
|
||||
unused_assignments,
|
||||
unused_attributes,
|
||||
unused_comparisons,
|
||||
unused_extern_crates,
|
||||
unused_features,
|
||||
unused_imports,
|
||||
unused_import_braces,
|
||||
unused_qualifications,
|
||||
unused_must_use,
|
||||
unused_mut,
|
||||
unused_parens,
|
||||
unused_results,
|
||||
unused_unsafe,
|
||||
unused_variables,
|
||||
variant_size_differences,
|
||||
warnings,
|
||||
while_true,
|
||||
)]
|
||||
|
||||
#![allow(legacy_directory_ownership, missing_copy_implementations, missing_debug_implementations,
|
||||
unknown_lints, unsafe_code)]
|
||||
#![deny(const_err, dead_code, deprecated, exceeding_bitshifts, improper_ctypes, missing_docs,
|
||||
mutable_transmutes, no_mangle_const_items, non_camel_case_types,
|
||||
non_shorthand_field_patterns, non_upper_case_globals, overflowing_literals,
|
||||
path_statements, plugin_as_library, private_no_mangle_fns, private_no_mangle_statics,
|
||||
stable_features, trivial_casts, trivial_numeric_casts, unconditional_recursion,
|
||||
unknown_crate_types, unreachable_code, unused_allocation, unused_assignments,
|
||||
unused_attributes, unused_comparisons, unused_extern_crates, unused_features,
|
||||
unused_imports, unused_import_braces, unused_qualifications, unused_must_use, unused_mut,
|
||||
unused_parens, unused_results, unused_unsafe, unused_variables, variant_size_differences,
|
||||
warnings, while_true)]
|
||||
#![cfg_attr(test, feature(plugin))]
|
||||
#![cfg_attr(test, plugin(rocket_codegen))]
|
||||
#![doc(test(attr(allow(unused_variables), deny(warnings))))]
|
||||
|
@ -548,10 +510,10 @@ extern crate url_serde;
|
|||
extern crate hyper;
|
||||
#[cfg(feature = "serialization")]
|
||||
#[cfg(test)]
|
||||
extern crate serde_test;
|
||||
extern crate serde_json;
|
||||
#[cfg(feature = "serialization")]
|
||||
#[cfg(test)]
|
||||
extern crate serde_json;
|
||||
extern crate serde_test;
|
||||
|
||||
#[cfg(test)]
|
||||
#[macro_use]
|
||||
|
@ -561,7 +523,7 @@ mod fairing;
|
|||
pub mod headers;
|
||||
|
||||
use std::borrow::Cow;
|
||||
use std::collections::{HashSet, HashMap};
|
||||
use std::collections::{HashMap, HashSet};
|
||||
use std::error;
|
||||
use std::fmt;
|
||||
use std::marker::PhantomData;
|
||||
|
@ -570,11 +532,11 @@ use std::str::FromStr;
|
|||
|
||||
use rocket::{Outcome, State};
|
||||
use rocket::http::{self, Status};
|
||||
use rocket::request::{Request, FromRequest};
|
||||
use rocket::request::{FromRequest, Request};
|
||||
use rocket::response;
|
||||
|
||||
use headers::{HeaderFieldName, HeaderFieldNamesSet, Origin, AccessControlRequestHeaders,
|
||||
AccessControlRequestMethod, Url};
|
||||
use headers::{AccessControlRequestHeaders, AccessControlRequestMethod, HeaderFieldName,
|
||||
HeaderFieldNamesSet, Origin, Url};
|
||||
|
||||
/// Errors during operations
|
||||
///
|
||||
|
@ -620,12 +582,14 @@ pub enum Error {
|
|||
impl Error {
|
||||
fn status(&self) -> Status {
|
||||
match *self {
|
||||
Error::MissingOrigin | Error::OriginNotAllowed | Error::MethodNotAllowed |
|
||||
Error::HeadersNotAllowed => Status::Forbidden,
|
||||
Error::CredentialsWithWildcardOrigin |
|
||||
Error::MissingCorsInRocketState |
|
||||
Error::MissingInjectedHeader |
|
||||
Error::UnknownInjectedHeader => Status::InternalServerError,
|
||||
Error::MissingOrigin
|
||||
| Error::OriginNotAllowed
|
||||
| Error::MethodNotAllowed
|
||||
| Error::HeadersNotAllowed => Status::Forbidden,
|
||||
Error::CredentialsWithWildcardOrigin
|
||||
| Error::MissingCorsInRocketState
|
||||
| Error::MissingInjectedHeader
|
||||
| Error::UnknownInjectedHeader => Status::InternalServerError,
|
||||
_ => Status::BadRequest,
|
||||
}
|
||||
}
|
||||
|
@ -645,7 +609,7 @@ impl error::Error for Error {
|
|||
}
|
||||
Error::MissingRequestHeaders => {
|
||||
"The request header `Access-Control-Request-Headers` \
|
||||
is required but is missing"
|
||||
is required but is missing"
|
||||
}
|
||||
Error::OriginNotAllowed => "Origin is not allowed to request",
|
||||
Error::MethodNotAllowed => "Method is not allowed",
|
||||
|
@ -778,7 +742,7 @@ mod method_serde {
|
|||
use std::fmt;
|
||||
use std::str::FromStr;
|
||||
|
||||
use serde::{self, Serialize, Deserialize};
|
||||
use serde::{self, Deserialize, Serialize};
|
||||
|
||||
use Method;
|
||||
|
||||
|
@ -1158,7 +1122,6 @@ impl Cors {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/// A CORS Response which provides the following CORS headers:
|
||||
///
|
||||
/// - `Access-Control-Allow-Origin`
|
||||
|
@ -1340,7 +1303,6 @@ impl Response {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/// A [request guard](https://rocket.rs/guide/requests/#request-guards) to check CORS headers
|
||||
/// before a route is run. Will not execute the route if checks fail.
|
||||
///
|
||||
|
@ -1559,12 +1521,10 @@ fn validate_origin(
|
|||
match *allowed_origins {
|
||||
// Always matching is acceptable since the list of origins can be unbounded.
|
||||
AllOrSome::All => Ok(()),
|
||||
AllOrSome::Some(ref allowed_origins) => {
|
||||
allowed_origins
|
||||
.get(origin)
|
||||
.and_then(|_| Some(()))
|
||||
.ok_or_else(|| Error::OriginNotAllowed)
|
||||
}
|
||||
AllOrSome::Some(ref allowed_origins) => allowed_origins
|
||||
.get(origin)
|
||||
.and_then(|_| Some(()))
|
||||
.ok_or_else(|| Error::OriginNotAllowed),
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -1637,7 +1597,6 @@ fn preflight_validate(
|
|||
method: &Option<AccessControlRequestMethod>,
|
||||
headers: &Option<AccessControlRequestHeaders>,
|
||||
) -> Result<(), Error> {
|
||||
|
||||
options.validate()?; // Fast-forward check for #7
|
||||
|
||||
// Note: All header parse failures are dealt with in the `FromRequest` trait implementation
|
||||
|
@ -1828,13 +1787,13 @@ pub fn catch_all_options_routes() -> Vec<rocket::Route> {
|
|||
isize::max_value(),
|
||||
http::Method::Options,
|
||||
"/",
|
||||
catch_all_options_route_handler
|
||||
catch_all_options_route_handler,
|
||||
),
|
||||
rocket::Route::ranked(
|
||||
isize::max_value(),
|
||||
http::Method::Options,
|
||||
"/<catch_all_options_route..>",
|
||||
catch_all_options_route_handler
|
||||
catch_all_options_route_handler,
|
||||
),
|
||||
]
|
||||
}
|
||||
|
@ -1844,7 +1803,6 @@ fn catch_all_options_route_handler<'r>(
|
|||
request: &'r Request,
|
||||
_: rocket::Data,
|
||||
) -> rocket::handler::Outcome<'r> {
|
||||
|
||||
let guard: Guard = match request.guard() {
|
||||
Outcome::Success(guard) => guard,
|
||||
Outcome::Failure((status, _)) => return rocket::handler::Outcome::failure(status),
|
||||
|
@ -2099,7 +2057,6 @@ mod tests {
|
|||
.collect(),
|
||||
),
|
||||
).unwrap();
|
||||
|
||||
}
|
||||
|
||||
#[test]
|
||||
|
@ -2149,8 +2106,6 @@ mod tests {
|
|||
.next()
|
||||
.is_none()
|
||||
);
|
||||
|
||||
|
||||
}
|
||||
|
||||
#[derive(Debug, PartialEq)]
|
||||
|
@ -2162,9 +2117,11 @@ mod tests {
|
|||
#[cfg(feature = "serialization")]
|
||||
#[test]
|
||||
fn method_serde_roundtrip() {
|
||||
use serde_test::{Token, assert_tokens};
|
||||
use serde_test::{assert_tokens, Token};
|
||||
|
||||
let test = MethodTest { method: From::from(http::Method::Get) };
|
||||
let test = MethodTest {
|
||||
method: From::from(http::Method::Get),
|
||||
};
|
||||
|
||||
assert_tokens(
|
||||
&test,
|
||||
|
@ -2185,15 +2142,14 @@ mod tests {
|
|||
let options = make_cors_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
|
||||
let request = client
|
||||
|
@ -2219,15 +2175,14 @@ mod tests {
|
|||
let options = make_invalid_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
|
||||
let request = client
|
||||
|
@ -2245,15 +2200,14 @@ mod tests {
|
|||
options.allowed_origins = AllOrSome::All;
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.example.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.example.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
|
||||
let request = client
|
||||
|
@ -2277,15 +2231,14 @@ mod tests {
|
|||
let options = make_cors_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.example.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.example.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
|
||||
let request = client
|
||||
|
@ -2303,17 +2256,17 @@ mod tests {
|
|||
let options = make_cors_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
|
||||
let request = client.options("/").header(origin_header).header(
|
||||
request_headers,
|
||||
);
|
||||
let request = client
|
||||
.options("/")
|
||||
.header(origin_header)
|
||||
.header(request_headers);
|
||||
|
||||
let _ = validate(&options, request.inner()).unwrap();
|
||||
}
|
||||
|
@ -2324,15 +2277,14 @@ mod tests {
|
|||
let options = make_cors_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Post,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
|
||||
let request = client
|
||||
|
@ -2350,9 +2302,8 @@ mod tests {
|
|||
let options = make_cors_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
|
@ -2376,9 +2327,8 @@ mod tests {
|
|||
let options = make_cors_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let request = client.get("/").header(origin_header);
|
||||
|
||||
let result = validate(&options, request.inner()).expect("to not fail");
|
||||
|
@ -2395,9 +2345,8 @@ mod tests {
|
|||
let options = make_invalid_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let request = client.get("/").header(origin_header);
|
||||
|
||||
let _ = validate(&options, request.inner()).unwrap();
|
||||
|
@ -2409,9 +2358,8 @@ mod tests {
|
|||
options.allowed_origins = AllOrSome::All;
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.example.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.example.com").unwrap());
|
||||
let request = client.get("/").header(origin_header);
|
||||
|
||||
let result = validate(&options, request.inner()).expect("to not fail");
|
||||
|
@ -2428,9 +2376,8 @@ mod tests {
|
|||
let options = make_cors_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.example.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.example.com").unwrap());
|
||||
let request = client.get("/").header(origin_header);
|
||||
|
||||
let _ = validate(&options, request.inner()).unwrap();
|
||||
|
@ -2452,15 +2399,14 @@ mod tests {
|
|||
let options = make_cors_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
|
||||
let request = client
|
||||
|
@ -2491,15 +2437,14 @@ mod tests {
|
|||
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
|
||||
let request = client
|
||||
|
@ -2530,15 +2475,14 @@ mod tests {
|
|||
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
|
||||
let request = client
|
||||
|
@ -2564,9 +2508,8 @@ mod tests {
|
|||
let options = make_cors_options();
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let request = client.get("/").header(origin_header);
|
||||
|
||||
let response = validate_and_build(&options, request.inner()).expect("to not fail");
|
||||
|
@ -2587,9 +2530,8 @@ mod tests {
|
|||
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let request = client.get("/").header(origin_header);
|
||||
|
||||
let response = validate_and_build(&options, request.inner()).expect("to not fail");
|
||||
|
@ -2610,9 +2552,8 @@ mod tests {
|
|||
|
||||
let client = make_client();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let request = client.get("/").header(origin_header);
|
||||
|
||||
let response = validate_and_build(&options, request.inner()).expect("to not fail");
|
||||
|
|
|
@ -47,15 +47,14 @@ fn smoke_test() {
|
|||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
// `Options` pre-flight checks
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -67,9 +66,8 @@ fn smoke_test() {
|
|||
assert!(response.status().class().is_success());
|
||||
|
||||
// "Actual" request
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -89,15 +87,14 @@ fn smoke_test() {
|
|||
fn cors_options_check() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -119,9 +116,8 @@ fn cors_options_check() {
|
|||
fn cors_get_check() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -155,15 +151,14 @@ fn cors_get_no_origin() {
|
|||
fn cors_options_bad_origin() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -183,13 +178,14 @@ fn cors_options_missing_origin() {
|
|||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client.options("/").header(method_header).header(
|
||||
request_headers,
|
||||
);
|
||||
let req = client
|
||||
.options("/")
|
||||
.header(method_header)
|
||||
.header(request_headers);
|
||||
|
||||
let response = req.dispatch();
|
||||
assert_eq!(response.status(), Status::NotFound);
|
||||
|
@ -206,15 +202,14 @@ fn cors_options_missing_origin() {
|
|||
fn cors_options_bad_request_method() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Post,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -236,9 +231,8 @@ fn cors_options_bad_request_method() {
|
|||
fn cors_options_bad_request_header() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
|
@ -265,9 +259,8 @@ fn cors_options_bad_request_header() {
|
|||
fn cors_get_bad_origin() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -288,15 +281,14 @@ fn cors_get_bad_origin() {
|
|||
fn routes_failing_checks_are_not_executed() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/panic")
|
||||
|
|
105
tests/guard.rs
105
tests/guard.rs
|
@ -89,15 +89,14 @@ fn smoke_test() {
|
|||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
// `Options` pre-flight checks
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -109,9 +108,8 @@ fn smoke_test() {
|
|||
assert!(response.status().class().is_success());
|
||||
|
||||
// "Actual" request
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -133,15 +131,14 @@ fn cors_options_catch_all_check() {
|
|||
let rocket = make_rocket();
|
||||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -159,22 +156,20 @@ fn cors_options_catch_all_check() {
|
|||
assert_eq!("https://www.acme.com", origin_header);
|
||||
}
|
||||
|
||||
|
||||
/// Check the "catch all" OPTIONS route works for other routes
|
||||
#[test]
|
||||
fn cors_options_catch_all_check_other_routes() {
|
||||
let rocket = make_rocket();
|
||||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/response/unit")
|
||||
|
@ -197,9 +192,8 @@ fn cors_get_check() {
|
|||
let rocket = make_rocket();
|
||||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -241,15 +235,14 @@ fn cors_options_bad_origin() {
|
|||
let rocket = make_rocket();
|
||||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -275,13 +268,14 @@ fn cors_options_missing_origin() {
|
|||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client.options("/").header(method_header).header(
|
||||
request_headers,
|
||||
);
|
||||
let req = client
|
||||
.options("/")
|
||||
.header(method_header)
|
||||
.header(request_headers);
|
||||
|
||||
let response = req.dispatch();
|
||||
assert!(response.status().class().is_success());
|
||||
|
@ -298,15 +292,14 @@ fn cors_options_bad_request_method() {
|
|||
let rocket = make_rocket();
|
||||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Post,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -329,9 +322,8 @@ fn cors_options_bad_request_header() {
|
|||
let rocket = make_rocket();
|
||||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
|
@ -359,9 +351,8 @@ fn cors_get_bad_origin() {
|
|||
let rocket = make_rocket();
|
||||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -383,9 +374,8 @@ fn routes_failing_checks_are_not_executed() {
|
|||
let rocket = make_rocket();
|
||||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -406,15 +396,14 @@ fn overridden_options_routes_are_used() {
|
|||
let rocket = make_rocket();
|
||||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/manual")
|
||||
|
|
|
@ -34,9 +34,8 @@ fn request_headers_round_trip_smoke_test() {
|
|||
let rocket = rocket::ignite().mount("/", routes![request_headers]);
|
||||
let client = Client::new(rocket).expect("A valid Rocket client");
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://foo.bar.xyz").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://foo.bar.xyz").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
|
@ -53,9 +52,10 @@ fn request_headers_round_trip_smoke_test() {
|
|||
let mut response = req.dispatch();
|
||||
|
||||
assert!(response.status().class().is_success());
|
||||
let body_str = response.body().and_then(|body| body.into_string()).expect(
|
||||
"Non-empty body",
|
||||
);
|
||||
let body_str = response
|
||||
.body()
|
||||
.and_then(|body| body.into_string())
|
||||
.expect("Non-empty body");
|
||||
let expected_body = r#"https://foo.bar.xyz/
|
||||
GET
|
||||
X-Ping, accept-language"#;
|
||||
|
|
123
tests/manual.rs
123
tests/manual.rs
|
@ -18,9 +18,9 @@ use rocket_cors::*;
|
|||
/// Using a borrowed `Cors`
|
||||
#[get("/")]
|
||||
fn cors<'r>(options: State<'r, Cors>) -> impl Responder<'r> {
|
||||
options.inner().respond_borrowed(
|
||||
|guard| guard.responder("Hello CORS"),
|
||||
)
|
||||
options
|
||||
.inner()
|
||||
.respond_borrowed(|guard| guard.responder("Hello CORS"))
|
||||
}
|
||||
|
||||
#[get("/panic")]
|
||||
|
@ -52,9 +52,9 @@ fn owned<'r>() -> impl Responder<'r> {
|
|||
#[allow(unmounted_route)]
|
||||
#[get("/")]
|
||||
fn responder_string<'r>(options: State<'r, Cors>) -> impl Responder<'r> {
|
||||
options.inner().respond_borrowed(|guard| {
|
||||
guard.responder("Hello CORS".to_string())
|
||||
})
|
||||
options
|
||||
.inner()
|
||||
.respond_borrowed(|guard| guard.responder("Hello CORS".to_string()))
|
||||
}
|
||||
|
||||
struct TestState;
|
||||
|
@ -108,15 +108,14 @@ fn smoke_test() {
|
|||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
// `Options` pre-flight checks
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -128,9 +127,8 @@ fn smoke_test() {
|
|||
assert!(response.status().class().is_success());
|
||||
|
||||
// "Actual" request
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -150,15 +148,14 @@ fn smoke_test() {
|
|||
fn cors_options_borrowed_check() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -180,9 +177,8 @@ fn cors_options_borrowed_check() {
|
|||
fn cors_get_borrowed_check() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -216,15 +212,14 @@ fn cors_get_no_origin() {
|
|||
fn cors_options_bad_origin() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -243,13 +238,14 @@ fn cors_options_missing_origin() {
|
|||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client.options("/").header(method_header).header(
|
||||
request_headers,
|
||||
);
|
||||
let req = client
|
||||
.options("/")
|
||||
.header(method_header)
|
||||
.header(request_headers);
|
||||
|
||||
let response = req.dispatch();
|
||||
assert!(response.status().class().is_success());
|
||||
|
@ -265,15 +261,14 @@ fn cors_options_missing_origin() {
|
|||
fn cors_options_bad_request_method() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Post,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -295,9 +290,8 @@ fn cors_options_bad_request_method() {
|
|||
fn cors_options_bad_request_header() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
|
@ -324,9 +318,8 @@ fn cors_options_bad_request_header() {
|
|||
fn cors_get_bad_origin() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -347,15 +340,14 @@ fn cors_get_bad_origin() {
|
|||
fn routes_failing_checks_are_not_executed() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/panic")
|
||||
|
@ -379,15 +371,14 @@ fn cors_options_owned_check() {
|
|||
let rocket = rocket();
|
||||
let client = Client::new(rocket).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.example.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.example.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/owned")
|
||||
|
@ -412,13 +403,13 @@ fn cors_options_owned_check() {
|
|||
fn cors_get_owned_check() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.example.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.example.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/owned").header(origin_header).header(
|
||||
authorization,
|
||||
);
|
||||
let req = client
|
||||
.get("/owned")
|
||||
.header(origin_header)
|
||||
.header(authorization);
|
||||
|
||||
let mut response = req.dispatch();
|
||||
assert!(response.status().class().is_success());
|
||||
|
|
98
tests/mix.rs
98
tests/mix.rs
|
@ -11,11 +11,11 @@ extern crate rocket_cors;
|
|||
|
||||
use std::str::FromStr;
|
||||
|
||||
use rocket::http::{Method, Header, Status};
|
||||
use rocket::http::{Header, Method, Status};
|
||||
use rocket::local::Client;
|
||||
use rocket::response::Responder;
|
||||
|
||||
use rocket_cors::{Cors, Guard, AllowedOrigins, AllowedHeaders};
|
||||
use rocket_cors::{AllowedHeaders, AllowedOrigins, Cors, Guard};
|
||||
|
||||
/// The "usual" app route
|
||||
#[get("/")]
|
||||
|
@ -82,15 +82,14 @@ fn smoke_test() {
|
|||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
// `Options` pre-flight checks
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -102,9 +101,8 @@ fn smoke_test() {
|
|||
assert!(response.status().class().is_success());
|
||||
|
||||
// "Actual" request
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -124,15 +122,14 @@ fn smoke_test() {
|
|||
fn cors_options_check() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -154,9 +151,8 @@ fn cors_options_check() {
|
|||
fn cors_get_check() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -190,15 +186,14 @@ fn cors_get_no_origin() {
|
|||
fn cors_options_bad_origin() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -217,13 +212,14 @@ fn cors_options_missing_origin() {
|
|||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client.options("/").header(method_header).header(
|
||||
request_headers,
|
||||
);
|
||||
let req = client
|
||||
.options("/")
|
||||
.header(method_header)
|
||||
.header(request_headers);
|
||||
|
||||
let response = req.dispatch();
|
||||
assert!(response.status().class().is_success());
|
||||
|
@ -239,15 +235,14 @@ fn cors_options_missing_origin() {
|
|||
fn cors_options_bad_request_method() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Post,
|
||||
));
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(
|
||||
vec![FromStr::from_str("Authorization").unwrap()],
|
||||
);
|
||||
let request_headers = hyper::header::AccessControlRequestHeaders(vec![
|
||||
FromStr::from_str("Authorization").unwrap(),
|
||||
]);
|
||||
let request_headers = Header::from(request_headers);
|
||||
let req = client
|
||||
.options("/")
|
||||
|
@ -269,9 +264,8 @@ fn cors_options_bad_request_method() {
|
|||
fn cors_options_bad_request_header() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.acme.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.acme.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
|
@ -298,9 +292,8 @@ fn cors_options_bad_request_header() {
|
|||
fn cors_get_bad_origin() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.bad-origin.com").unwrap());
|
||||
let authorization = Header::new("Authorization", "let me in");
|
||||
let req = client.get("/").header(origin_header).header(authorization);
|
||||
|
||||
|
@ -319,16 +312,16 @@ fn cors_get_bad_origin() {
|
|||
fn cors_options_ping_check() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.example.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.example.com").unwrap());
|
||||
let method_header = Header::from(hyper::header::AccessControlRequestMethod(
|
||||
hyper::method::Method::Get,
|
||||
));
|
||||
|
||||
let req = client.options("/ping").header(origin_header).header(
|
||||
method_header,
|
||||
);
|
||||
let req = client
|
||||
.options("/ping")
|
||||
.header(origin_header)
|
||||
.header(method_header);
|
||||
|
||||
let response = req.dispatch();
|
||||
assert!(response.status().class().is_success());
|
||||
|
@ -345,9 +338,8 @@ fn cors_options_ping_check() {
|
|||
fn cors_get_ping_check() {
|
||||
let client = Client::new(rocket()).unwrap();
|
||||
|
||||
let origin_header = Header::from(
|
||||
hyper::header::Origin::from_str("https://www.example.com").unwrap(),
|
||||
);
|
||||
let origin_header =
|
||||
Header::from(hyper::header::Origin::from_str("https://www.example.com").unwrap());
|
||||
|
||||
let req = client.get("/ping").header(origin_header);
|
||||
|
||||
|
|
Loading…
Reference in New Issue