46 lines
1.8 KiB
Go
46 lines
1.8 KiB
Go
package middleware_test
|
|
|
|
import (
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"testing"
|
|
|
|
"github.com/github/github-mcp-server/pkg/http/middleware"
|
|
"github.com/stretchr/testify/assert"
|
|
)
|
|
|
|
func TestSetCorsHeaders(t *testing.T) {
|
|
inner := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
|
|
w.WriteHeader(http.StatusOK)
|
|
})
|
|
handler := middleware.SetCorsHeaders(inner)
|
|
|
|
t.Run("OPTIONS preflight returns 200 with CORS headers", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodOptions, "/", nil)
|
|
req.Header.Set("Origin", "http://localhost:6274")
|
|
rr := httptest.NewRecorder()
|
|
handler.ServeHTTP(rr, req)
|
|
|
|
assert.Equal(t, http.StatusOK, rr.Code)
|
|
assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin"))
|
|
assert.Contains(t, rr.Header().Get("Access-Control-Allow-Methods"), "POST")
|
|
assert.Contains(t, rr.Header().Get("Access-Control-Allow-Headers"), "Authorization")
|
|
assert.Contains(t, rr.Header().Get("Access-Control-Allow-Headers"), "Content-Type")
|
|
assert.Contains(t, rr.Header().Get("Access-Control-Allow-Headers"), "Mcp-Session-Id")
|
|
assert.Contains(t, rr.Header().Get("Access-Control-Allow-Headers"), "X-MCP-Lockdown")
|
|
assert.Contains(t, rr.Header().Get("Access-Control-Allow-Headers"), "X-MCP-Insiders")
|
|
assert.Contains(t, rr.Header().Get("Access-Control-Expose-Headers"), "Mcp-Session-Id")
|
|
assert.Contains(t, rr.Header().Get("Access-Control-Expose-Headers"), "WWW-Authenticate")
|
|
})
|
|
|
|
t.Run("POST request includes CORS headers", func(t *testing.T) {
|
|
req := httptest.NewRequest(http.MethodPost, "/", nil)
|
|
req.Header.Set("Origin", "http://localhost:6274")
|
|
rr := httptest.NewRecorder()
|
|
handler.ServeHTTP(rr, req)
|
|
|
|
assert.Equal(t, http.StatusOK, rr.Code)
|
|
assert.Equal(t, "*", rr.Header().Get("Access-Control-Allow-Origin"))
|
|
})
|
|
}
|