(route)
| 2 | import { describe, expect, it, beforeEach } from 'vitest'; |
| 3 | |
| 4 | export const testCorsForRoute = (route) => { |
| 5 | describe(`CORS Middleware for ${route}`, () => { |
| 6 | let url = ''; |
| 7 | |
| 8 | beforeEach(() => { |
| 9 | url = `${global.SERVER_URL}${route}`; |
| 10 | }); |
| 11 | |
| 12 | it('deve permitir solicitações da origem permitida', async () => { |
| 13 | const response = await axios.get(url, { |
| 14 | headers: { Origin: 'http://exemplo.com' }, |
| 15 | }); |
| 16 | expect(response.headers['access-control-allow-origin']).toBe('*'); |
| 17 | }); |
| 18 | |
| 19 | it('deve lidar corretamente com pre-flight CORS request', async () => { |
| 20 | const response = await axios.options(url, { |
| 21 | headers: { |
| 22 | Origin: 'http://exemplo.com', |
| 23 | 'Access-Control-Request-Method': 'GET', |
| 24 | 'Access-Control-Request-Headers': 'Content-Type, Authorization', |
| 25 | }, |
| 26 | }); |
| 27 | |
| 28 | expect(response.headers['access-control-allow-origin']).toBe('*'); |
| 29 | expect(response.headers['access-control-allow-methods']).toContain( |
| 30 | 'GET,HEAD,PUT,PATCH,POST,DELETE' |
| 31 | ); |
| 32 | expect(response.headers['access-control-allow-headers']).toContain( |
| 33 | 'Content-Type' |
| 34 | ); |
| 35 | expect(response.headers['access-control-allow-headers']).toContain( |
| 36 | 'Authorization' |
| 37 | ); |
| 38 | expect(response.status).toBe(204); |
| 39 | }); |
| 40 | |
| 41 | it('deve permitir métodos específicos', async () => { |
| 42 | const response = await axios.options(url, { |
| 43 | headers: { |
| 44 | Origin: 'http://exemplo.com', |
| 45 | 'Access-Control-Request-Method': 'GET', |
| 46 | }, |
| 47 | }); |
| 48 | expect(response.headers['access-control-allow-methods']).toContain('GET'); |
| 49 | }); |
| 50 | |
| 51 | it('deve permitir cabeçalhos específicos', async () => { |
| 52 | const response = await axios.options(url, { |
| 53 | headers: { |
| 54 | Origin: 'http://exemplo.com', |
| 55 | 'Access-Control-Request-Headers': 'Content-Type', |
| 56 | }, |
| 57 | }); |
| 58 | expect(response.headers['access-control-allow-headers']).toContain( |
| 59 | 'Content-Type' |
| 60 | ); |
| 61 | }); |
no outgoing calls
no test coverage detected