e4dcfc49aa
Tests / Import Check (Python 3.13) (push) Has been cancelled
Tests / Import Check (Python 3.14) (push) Has been cancelled
Tests / Python Tests (Python 3.11) (push) Has been cancelled
Tests / Python Tests (Python 3.12) (push) Has been cancelled
Tests / Python Tests (Python 3.14) (push) Has been cancelled
Tests / Test Summary (push) Has been cancelled
Tests / Lint and Format (push) Has been cancelled
Tests / Web Node Tests (push) Has been cancelled
Tests / Import Check (Python 3.11) (push) Has been cancelled
Tests / Import Check (Python 3.12) (push) Has been cancelled
Tests / Python Tests (Python 3.13) (push) Has been cancelled
76 lines
2.6 KiB
Python
76 lines
2.6 KiB
Python
"""Tests for FastAPI CORS settings."""
|
|
|
|
from __future__ import annotations
|
|
|
|
from fastapi.testclient import TestClient
|
|
|
|
from deeptutor.api import main as api_main
|
|
|
|
|
|
def test_cors_allows_remote_http_origins_when_auth_disabled(
|
|
monkeypatch,
|
|
) -> None:
|
|
monkeypatch.delenv("AUTH_ENABLED", raising=False)
|
|
monkeypatch.delenv("CORS_ORIGIN", raising=False)
|
|
monkeypatch.delenv("CORS_ORIGINS", raising=False)
|
|
monkeypatch.setenv("FRONTEND_PORT", "3782")
|
|
|
|
settings = api_main._build_cors_settings()
|
|
|
|
assert settings["allow_origin_regex"] == r"https?://.*"
|
|
assert "http://localhost:3782" in settings["allow_origins"]
|
|
assert "http://127.0.0.1:3782" in settings["allow_origins"]
|
|
|
|
|
|
def test_cors_requires_explicit_origins_when_auth_enabled(monkeypatch) -> None:
|
|
monkeypatch.setenv("AUTH_ENABLED", "true")
|
|
monkeypatch.setenv("CORS_ORIGIN", "https://app.example.com/")
|
|
monkeypatch.setenv(
|
|
"CORS_ORIGINS",
|
|
"https://foo.example.com, https://bar.example.com\nhttps://foo.example.com",
|
|
)
|
|
|
|
settings = api_main._build_cors_settings()
|
|
|
|
assert settings["allow_origin_regex"] is None
|
|
assert "https://app.example.com" in settings["allow_origins"]
|
|
assert "https://foo.example.com" in settings["allow_origins"]
|
|
assert "https://bar.example.com" in settings["allow_origins"]
|
|
assert settings["allow_origins"].count("https://foo.example.com") == 1
|
|
|
|
|
|
def test_cors_normalizes_common_origin_input_mistakes(monkeypatch) -> None:
|
|
monkeypatch.setenv("AUTH_ENABLED", "true")
|
|
monkeypatch.setenv(
|
|
"CORS_ORIGIN",
|
|
"172.26.0.10:3782; https://learn.example.com/app/",
|
|
)
|
|
monkeypatch.setenv("CORS_ORIGINS", "http://localhost:3000;api.example.com")
|
|
|
|
settings = api_main._build_cors_settings()
|
|
|
|
assert settings["allow_origin_regex"] is None
|
|
assert "http://172.26.0.10:3782" in settings["allow_origins"]
|
|
assert "https://learn.example.com" in settings["allow_origins"]
|
|
assert "http://api.example.com" in settings["allow_origins"]
|
|
|
|
|
|
def test_cors_preflight_allows_partner_patch_save() -> None:
|
|
client = TestClient(api_main.app)
|
|
|
|
response = client.options(
|
|
"/api/v1/partners/partner",
|
|
headers={
|
|
"Origin": "http://localhost:3000",
|
|
"Access-Control-Request-Method": "PATCH",
|
|
"Access-Control-Request-Headers": "content-type",
|
|
},
|
|
)
|
|
|
|
assert response.status_code == 200
|
|
assert response.headers["access-control-allow-origin"] == "http://localhost:3000"
|
|
allowed_methods = {
|
|
method.strip() for method in response.headers["access-control-allow-methods"].split(",")
|
|
}
|
|
assert "PATCH" in allowed_methods
|