Improve CORS check

50be1af8 · Nils Goroll · ca076230 · 50be1af8
Unverified Commit 50be1af8 authored Oct 01, 2021 by Nils Goroll
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 0 deletions

plain_cors.vtc src/vtc/plain_cors.vtc +15 -0

No files found.
--- a/src/vtc/plain_cors.vtc
+++ b/src/vtc/plain_cors.vtc
@@ -115,6 +115,19 @@ client c2 {
 	rxresp
 	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin

+	# partial Upload with create
+	txreq	-method OPTIONS \
+		-hdr "Origin: http://my-cors-origin"
+	rxresp
+	expect resp.status == 204
+	expect resp.http.Tus-Resumable == "1.0.0"
+	expect resp.http.Tus-Version == "1.0.0"
+	expect resp.http.Tus-Extension == "creation,creation-with-upload,expiration,termination,concatenation"
+	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+	expect resp.http.Access-Control-Allow-Methods == "POST, GET, HEAD, PATCH, DELETE, OPTIONS"
+	expect resp.http.Access-Control-Allow-Headers == "Authorization, Origin, X-Requested-With, X-Request-ID, X-HTTP-Method-Override, Content-Type, Upload-Length, Upload-Offset, Tus-Resumable, Upload-Metadata, Upload-Defer-Length, Upload-Concat"
+	expect resp.http.Tus-Max-Size == 3145
+
 	# partial Upload with create
 	txreq	-method POST \
 		-hdr "Upload-Metadata: filename d29ybGRfZG9taW5hdGlvbl9wbGFuLnBkZg==,is_confidential" \
@@ -138,6 +151,7 @@ client c2 {
 	expect resp.http.Upload-Metadata == "filename d29ybGRfZG9taW5hdGlvbl9wbGFuLnBkZg==,is_confidential"
 	expect resp.http.Location == "http://localhost/vtc"
 	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+	expect resp.http.Access-Control-Expose-Headers == "Upload-Offset, Content-Location, Location, Upload-Length, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension, Upload-Metadata, Upload-Defer-Length, Upload-Concat"

 	expect resp.http.has-filename == true
 	expect resp.http.has-is_confidential == true
@@ -165,6 +179,7 @@ client c2 {
 	## XXX only for HEAD?
 	expect resp.http.Upload-Metadata == "filename d29ybGRfZG9taW5hdGlvbl9wbGFuLnBkZg==,is_confidential"
 	expect resp.http.Access-Control-Allow-Origin == http://my-cors-origin
+	expect resp.http.Access-Control-Expose-Headers == "Upload-Offset, Content-Location, Location, Upload-Length, Tus-Version, Tus-Resumable, Tus-Max-Size, Tus-Extension, Upload-Metadata, Upload-Defer-Length, Upload-Concat"

 	expect resp.http.has-filename == true
 	expect resp.http.has-is_confidential == true