本文整理汇总了Python中corsheaders.middleware.CorsMiddleware类的典型用法代码示例。如果您正苦于以下问题:Python CorsMiddleware类的具体用法?Python CorsMiddleware怎么用?Python CorsMiddleware使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了CorsMiddleware类的11个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: TestCorsMiddlewareProcessRequest
class TestCorsMiddlewareProcessRequest(TestCase):
def setUp(self):
self.middleware = CorsMiddleware()
def test_process_request(self):
request = Mock(path="/")
request.method = "OPTIONS"
request.META = {"HTTP_ACCESS_CONTROL_REQUEST_METHOD": "value"}
with settings_override(CORS_URLS_REGEX="^.*$"):
response = self.middleware.process_request(request)
self.assertIsInstance(response, HttpResponse)
def test_process_request_empty_header(self):
request = Mock(path="/")
request.method = "OPTIONS"
request.META = {"HTTP_ACCESS_CONTROL_REQUEST_METHOD": ""}
with settings_override(CORS_URLS_REGEX="^.*$"):
response = self.middleware.process_request(request)
self.assertIsInstance(response, HttpResponse)
def test_process_request_no_header(self):
request = Mock(path="/")
request.method = "OPTIONS"
request.META = {}
response = self.middleware.process_request(request)
self.assertIsNone(response)
def test_process_request_not_options(self):
request = Mock(path="/")
request.method = "GET"
request.META = {"HTTP_ACCESS_CONTROL_REQUEST_METHOD": "value"}
response = self.middleware.process_request(request)
self.assertIsNone(response)示例2: TestCorsMiddlewareProcessRequest
class TestCorsMiddlewareProcessRequest(TestCase):
def setUp(self):
self.middleware = CorsMiddleware()
def test_process_request(self):
request = Mock(path='/')
request.method = 'OPTIONS'
request.META = {'HTTP_ACCESS_CONTROL_REQUEST_METHOD': 'value'}
with settings_override(CORS_URLS_REGEX='^.*$'):
response = self.middleware.process_request(request)
self.assertIsInstance(response, HttpResponse)
def test_process_request_empty_header(self):
request = Mock(path='/')
request.method = 'OPTIONS'
request.META = {'HTTP_ACCESS_CONTROL_REQUEST_METHOD': ''}
with settings_override(CORS_URLS_REGEX='^.*$'):
response = self.middleware.process_request(request)
self.assertIsInstance(response, HttpResponse)
def test_process_request_no_header(self):
request = Mock(path='/')
request.method = 'OPTIONS'
request.META = {}
response = self.middleware.process_request(request)
self.assertIsNone(response)
def test_process_request_not_options(self):
request = Mock(path='/')
request.method = 'GET'
request.META = {'HTTP_ACCESS_CONTROL_REQUEST_METHOD': 'value'}
response = self.middleware.process_request(request)
self.assertIsNone(response)示例3: setUp
def setUp(self):
self.factory = RequestFactory()
self.middleware = CorsMiddleware()
self.url = '/api/v2/search'
self.owner = create_user(username='owner', password='test')
self.pip = get(
Project, slug='pip',
users=[self.owner], privacy_level='public',
)
self.domain = get(Domain, domain='my.valid.domain', project=self.pip)示例4: TestCORSMiddleware
class TestCORSMiddleware(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.middleware = CorsMiddleware()
self.url = '/api/v2/search'
self.owner = create_user(username='owner', password='test')
self.pip = get(
Project, slug='pip',
users=[self.owner], privacy_level='public',
)
self.domain = get(Domain, domain='my.valid.domain', project=self.pip)
def test_proper_domain(self):
request = self.factory.get(
self.url,
{'project': self.pip.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertIn('Access-Control-Allow-Origin', resp)
def test_invalid_domain(self):
request = self.factory.get(
self.url,
{'project': self.pip.slug},
HTTP_ORIGIN='http://invalid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
def test_invalid_project(self):
request = self.factory.get(
self.url,
{'project': 'foo'},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)示例5: setUp
def setUp(self):
self.factory = RequestFactory()
self.middleware = CorsMiddleware()
self.url = '/api/v2/search'
self.owner = create_user(username='owner', password='test')
self.project = get(
Project, slug='pip',
users=[self.owner], privacy_level='public',
mail_language_project=None
)
self.subproject = get(
Project,
users=[self.owner],
privacy_level='public',
mail_language_project=None,
)
self.relationship = get(
ProjectRelationship,
parent=self.project,
child=self.subproject
)
self.domain = get(Domain, domain='my.valid.domain', project=self.project)示例6: TestCORSMiddleware
class TestCORSMiddleware(TestCase):
def setUp(self):
self.factory = RequestFactory()
self.middleware = CorsMiddleware()
self.url = '/api/v2/search'
self.owner = create_user(username='owner', password='test')
self.project = get(
Project, slug='pip',
users=[self.owner], privacy_level='public',
mail_language_project=None
)
self.subproject = get(
Project,
users=[self.owner],
privacy_level='public',
mail_language_project=None,
)
self.relationship = get(
ProjectRelationship,
parent=self.project,
child=self.subproject
)
self.domain = get(Domain, domain='my.valid.domain', project=self.project)
def test_proper_domain(self):
request = self.factory.get(
self.url,
{'project': self.project.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertIn('Access-Control-Allow-Origin', resp)
def test_invalid_domain(self):
request = self.factory.get(
self.url,
{'project': self.project.slug},
HTTP_ORIGIN='http://invalid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
def test_invalid_project(self):
request = self.factory.get(
self.url,
{'project': 'foo'},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertNotIn('Access-Control-Allow-Origin', resp)
def test_valid_subproject(self):
self.assertTrue(
Project.objects.filter(
pk=self.project.pk,
subprojects__child=self.subproject
).exists()
)
request = self.factory.get(
self.url,
{'project': self.subproject.slug},
HTTP_ORIGIN='http://my.valid.domain',
)
resp = self.middleware.process_response(request, {})
self.assertIn('Access-Control-Allow-Origin', resp)示例7: setUp
def setUp(self):
self.middleware = CorsMiddleware()示例8: TestCorsMiddlewareProcessResponse
class TestCorsMiddlewareProcessResponse(TestCase):
def setUp(self):
self.middleware = CorsMiddleware()
def assertAccessControlAllowOriginEquals(self, response, header):
self.assertIn(ACCESS_CONTROL_ALLOW_ORIGIN, response, "Response %r does "
"NOT have %r header" % (response, ACCESS_CONTROL_ALLOW_ORIGIN))
self.assertEqual(response[ACCESS_CONTROL_ALLOW_ORIGIN], header)
def test_process_response_no_origin(self, settings):
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed)
def test_process_response_not_in_whitelist(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = False
settings.CORS_ORIGIN_WHITELIST = ['example.com']
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://foobar.it'})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed)
def test_process_response_in_whitelist(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = False
settings.CORS_ORIGIN_WHITELIST = ['example.com', 'foobar.it']
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://foobar.it'})
processed = self.middleware.process_response(request, response)
self.assertAccessControlAllowOriginEquals(processed, 'http://foobar.it')
def test_process_response_expose_headers(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_EXPOSE_HEADERS = ['accept', 'origin', 'content-type']
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'})
processed = self.middleware.process_response(request, response)
self.assertEqual(processed[ACCESS_CONTROL_EXPOSE_HEADERS],
'accept, origin, content-type')
def test_process_response_dont_expose_headers(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_EXPOSE_HEADERS = []
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_EXPOSE_HEADERS, processed)
def test_process_response_allow_credentials(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_CREDENTIALS = True
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'})
processed = self.middleware.process_response(request, response)
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_CREDENTIALS], 'true')
def test_process_response_dont_allow_credentials(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_CREDENTIALS = False
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_ALLOW_CREDENTIALS, processed)
def test_process_response_options_method(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_HEADERS = ['content-type', 'origin']
settings.CORS_ALLOW_METHODS = ['GET', 'OPTIONS']
settings.CORS_PREFLIGHT_MAX_AGE = 1002
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request_headers = {'HTTP_ORIGIN': 'http://example.com'}
request = Mock(path='/', META=request_headers, method='OPTIONS')
processed = self.middleware.process_response(request, response)
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_HEADERS],
'content-type, origin')
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_METHODS], 'GET, OPTIONS')
self.assertEqual(processed[ACCESS_CONTROL_MAX_AGE], '1002')
def test_process_response_options_method_no_max_age(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_HEADERS = ['content-type', 'origin']
settings.CORS_ALLOW_METHODS = ['GET', 'OPTIONS']
settings.CORS_PREFLIGHT_MAX_AGE = 0
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request_headers = {'HTTP_ORIGIN': 'http://example.com'}
request = Mock(path='/', META=request_headers, method='OPTIONS')
processed = self.middleware.process_response(request, response)
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_HEADERS],
'content-type, origin')
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_METHODS], 'GET, OPTIONS')
#.........这里部分代码省略.........
示例9: TestCorsMiddlewareProcessRequest
class TestCorsMiddlewareProcessRequest(TestCase):
def setUp(self):
self.middleware = CorsMiddleware()
def test_process_request(self):
request = Mock(path='/')
request.method = 'OPTIONS'
request.META = {'HTTP_ACCESS_CONTROL_REQUEST_METHOD': 'value'}
with settings_override(CORS_URLS_REGEX='^.*$'):
response = self.middleware.process_request(request)
self.assertIsInstance(response, HttpResponse)
def test_process_request_empty_header(self):
request = Mock(path='/')
request.method = 'OPTIONS'
request.META = {'HTTP_ACCESS_CONTROL_REQUEST_METHOD': ''}
with settings_override(CORS_URLS_REGEX='^.*$'):
response = self.middleware.process_request(request)
self.assertIsInstance(response, HttpResponse)
def test_process_request_no_header(self):
request = Mock(path='/')
request.method = 'OPTIONS'
request.META = {}
response = self.middleware.process_request(request)
self.assertIsNone(response)
def test_process_request_not_options(self):
request = Mock(path='/')
request.method = 'GET'
request.META = {'HTTP_ACCESS_CONTROL_REQUEST_METHOD': 'value'}
response = self.middleware.process_request(request)
self.assertIsNone(response)
def test_process_request_replace_https_referer(self):
post_middleware = CorsPostCsrfMiddleware()
request = Mock(path='/')
request.method = 'GET'
request.is_secure = lambda: True
# make sure it doesnt blow up when HTTP_REFERER is not present
request.META = {
'HTTP_HOST': 'foobar.com',
'HTTP_ORIGIN': 'https://foo.google.com',
}
with settings_override(CORS_URLS_REGEX='^.*$',
CORS_ORIGIN_REGEX_WHITELIST='.*google.*',
CORS_REPLACE_HTTPS_REFERER=True):
response = self.middleware.process_request(request)
self.assertIsNone(response)
# make sure it doesnt blow up when HTTP_HOST is not present
request.META = {
'HTTP_REFERER': 'http://foo.google.com/',
'HTTP_ORIGIN': 'https://foo.google.com',
}
with settings_override(CORS_URLS_REGEX='^.*$',
CORS_ORIGIN_REGEX_WHITELIST='.*google.*',
CORS_REPLACE_HTTPS_REFERER=True):
response = self.middleware.process_request(request)
self.assertIsNone(response)
request.is_secure = lambda: False
request.META = {
'HTTP_REFERER': 'http://foo.google.com/',
'HTTP_HOST': 'foobar.com',
'HTTP_ORIGIN': 'http://foo.google.com',
}
# test that we won't replace if the request is not secure
with settings_override(CORS_URLS_REGEX='^.*$',
CORS_ORIGIN_REGEX_WHITELIST='.*google.*',
CORS_REPLACE_HTTPS_REFERER=True):
response = self.middleware.process_request(request)
self.assertIsNone(response)
self.assertTrue('ORIGINAL_HTTP_REFERER' not in request.META)
self.assertEquals(request.META['HTTP_REFERER'], 'http://foo.google.com/')
request.is_secure = lambda: True
request.META = {
'HTTP_REFERER': 'https://foo.google.com/',
'HTTP_HOST': 'foobar.com',
'HTTP_ORIGIN': 'https://foo.google.com',
}
# test that we won't replace with the setting off
with settings_override(CORS_URLS_REGEX='^.*$',
CORS_ORIGIN_REGEX_WHITELIST='.*google.*'):
response = self.middleware.process_request(request)
self.assertIsNone(response)
self.assertTrue('ORIGINAL_HTTP_REFERER' not in request.META)
self.assertEquals(request.META['HTTP_REFERER'], 'https://foo.google.com/')
with settings_override(CORS_URLS_REGEX='^.*$',
CORS_ORIGIN_REGEX_WHITELIST='.*google.*',
CORS_REPLACE_HTTPS_REFERER=True):
response = self.middleware.process_request(request)
self.assertIsNone(response)
self.assertEquals(request.META['ORIGINAL_HTTP_REFERER'], 'https://foo.google.com/')
#.........这里部分代码省略.........
示例10: TestCorsMiddlewareProcessResponse
class TestCorsMiddlewareProcessResponse(TestCase):
def setUp(self):
self.middleware = CorsMiddleware()
def assertAccessControlAllowOriginEquals(self, response, header):
self.assertIn(ACCESS_CONTROL_ALLOW_ORIGIN, response, "Response %r does "
"NOT have %r header" % (response, ACCESS_CONTROL_ALLOW_ORIGIN))
self.assertEqual(response[ACCESS_CONTROL_ALLOW_ORIGIN], header)
def test_process_response_no_origin(self, settings):
settings.CORS_MODEL = None
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed)
def test_process_response_not_in_whitelist(self, settings):
settings.CORS_MODEL = None
settings.CORS_ORIGIN_ALLOW_ALL = False
settings.CORS_ORIGIN_WHITELIST = ['example.com']
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://foobar.it'})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed)
def test_process_response_signal_works(self, settings):
def handler(sender, request, **kwargs):
return True
settings.CORS_MODEL = None
settings.CORS_ORIGIN_ALLOW_ALL = False
settings.CORS_ORIGIN_WHITELIST = ['example.com']
settings.CORS_URLS_REGEX = '^.*$'
signals.check_request_enabled.connect(handler)
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://foobar.it'})
processed = self.middleware.process_response(request, response)
self.assertIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed)
def test_process_response_in_whitelist(self, settings):
settings.CORS_MODEL = None
settings.CORS_ORIGIN_ALLOW_ALL = False
settings.CORS_ORIGIN_WHITELIST = ['example.com', 'foobar.it']
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://foobar.it'})
processed = self.middleware.process_response(request, response)
self.assertAccessControlAllowOriginEquals(processed, 'http://foobar.it')
def test_process_response_expose_headers(self, settings):
settings.CORS_MODEL = None
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_EXPOSE_HEADERS = ['accept', 'origin', 'content-type']
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'})
processed = self.middleware.process_response(request, response)
self.assertEqual(processed[ACCESS_CONTROL_EXPOSE_HEADERS],
'accept, origin, content-type')
def test_process_response_dont_expose_headers(self, settings):
settings.CORS_MODEL = None
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_EXPOSE_HEADERS = []
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_EXPOSE_HEADERS, processed)
def test_process_response_allow_credentials(self, settings):
settings.CORS_MODEL = None
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_CREDENTIALS = True
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'})
processed = self.middleware.process_response(request, response)
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_CREDENTIALS], 'true')
def test_process_response_dont_allow_credentials(self, settings):
settings.CORS_MODEL = None
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_CREDENTIALS = False
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
request = Mock(path='/', META={'HTTP_ORIGIN': 'http://example.com'})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_ALLOW_CREDENTIALS, processed)
def test_process_response_options_method(self, settings):
settings.CORS_MODEL = None
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_HEADERS = ['content-type', 'origin']
settings.CORS_ALLOW_METHODS = ['GET', 'OPTIONS']
settings.CORS_PREFLIGHT_MAX_AGE = 1002
settings.CORS_URLS_REGEX = '^.*$'
response = HttpResponse()
#.........这里部分代码省略.........
示例11: TestCorsMiddlewareProcessResponse
class TestCorsMiddlewareProcessResponse(TestCase):
def setUp(self):
self.middleware = CorsMiddleware()
def assertAccessControlAllowOriginEquals(self, response, header):
self.assertIn(
ACCESS_CONTROL_ALLOW_ORIGIN,
response,
"Response %r does " "NOT have %r header" % (response, ACCESS_CONTROL_ALLOW_ORIGIN),
)
self.assertEqual(response[ACCESS_CONTROL_ALLOW_ORIGIN], header)
def test_process_response_no_origin(self, settings):
settings.CORS_URLS_REGEX = "^.*$"
response = HttpResponse()
request = Mock(path="/", META={})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed)
def test_process_response_not_in_whitelist(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = False
settings.CORS_ORIGIN_WHITELIST = ["example.com"]
settings.CORS_URLS_REGEX = "^.*$"
response = HttpResponse()
request = Mock(path="/", META={"HTTP_ORIGIN": "http://foobar.it"})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_ALLOW_ORIGIN, processed)
def test_process_response_in_whitelist(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = False
settings.CORS_ORIGIN_WHITELIST = ["example.com", "foobar.it"]
settings.CORS_URLS_REGEX = "^.*$"
response = HttpResponse()
request = Mock(path="/", META={"HTTP_ORIGIN": "http://foobar.it"})
processed = self.middleware.process_response(request, response)
self.assertAccessControlAllowOriginEquals(processed, "http://foobar.it")
def test_process_response_expose_headers(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_EXPOSE_HEADERS = ["accept", "origin", "content-type"]
settings.CORS_URLS_REGEX = "^.*$"
response = HttpResponse()
request = Mock(path="/", META={"HTTP_ORIGIN": "http://example.com"})
processed = self.middleware.process_response(request, response)
self.assertEqual(processed[ACCESS_CONTROL_EXPOSE_HEADERS], "accept, origin, content-type")
def test_process_response_dont_expose_headers(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_EXPOSE_HEADERS = []
settings.CORS_URLS_REGEX = "^.*$"
response = HttpResponse()
request = Mock(path="/", META={"HTTP_ORIGIN": "http://example.com"})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_EXPOSE_HEADERS, processed)
def test_process_response_allow_credentials(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_CREDENTIALS = True
settings.CORS_URLS_REGEX = "^.*$"
response = HttpResponse()
request = Mock(path="/", META={"HTTP_ORIGIN": "http://example.com"})
processed = self.middleware.process_response(request, response)
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_CREDENTIALS], "true")
def test_process_response_dont_allow_credentials(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_CREDENTIALS = False
settings.CORS_URLS_REGEX = "^.*$"
response = HttpResponse()
request = Mock(path="/", META={"HTTP_ORIGIN": "http://example.com"})
processed = self.middleware.process_response(request, response)
self.assertNotIn(ACCESS_CONTROL_ALLOW_CREDENTIALS, processed)
def test_process_response_options_method(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_HEADERS = ["content-type", "origin"]
settings.CORS_ALLOW_METHODS = ["GET", "OPTIONS"]
settings.CORS_PREFLIGHT_MAX_AGE = 1002
settings.CORS_URLS_REGEX = "^.*$"
response = HttpResponse()
request_headers = {"HTTP_ORIGIN": "http://example.com"}
request = Mock(path="/", META=request_headers, method="OPTIONS")
processed = self.middleware.process_response(request, response)
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_HEADERS], "content-type, origin")
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_METHODS], "GET, OPTIONS")
self.assertEqual(processed[ACCESS_CONTROL_MAX_AGE], "1002")
def test_process_response_options_method_no_max_age(self, settings):
settings.CORS_ORIGIN_ALLOW_ALL = True
settings.CORS_ALLOW_HEADERS = ["content-type", "origin"]
settings.CORS_ALLOW_METHODS = ["GET", "OPTIONS"]
settings.CORS_PREFLIGHT_MAX_AGE = 0
settings.CORS_URLS_REGEX = "^.*$"
response = HttpResponse()
request_headers = {"HTTP_ORIGIN": "http://example.com"}
request = Mock(path="/", META=request_headers, method="OPTIONS")
processed = self.middleware.process_response(request, response)
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_HEADERS], "content-type, origin")
self.assertEqual(processed[ACCESS_CONTROL_ALLOW_METHODS], "GET, OPTIONS")
self.assertNotIn(ACCESS_CONTROL_MAX_AGE, processed)
#.........这里部分代码省略.........