MCPcopy
hub / github.com/encode/starlette / test_cors_allow_all

Function test_cors_allow_all

tests/middleware/test_cors.py:10–68  ·  view source on GitHub ↗
(
    test_client_factory: TestClientFactory,
)

Source from the content-addressed store, hash-verified

8
9
10def test_cors_allow_all(
11 test_client_factory: TestClientFactory,
12) -> None:
13 def homepage(request: Request) -> PlainTextResponse:
14 return PlainTextResponse("Homepage", status_code=200)
15
16 app = Starlette(
17 routes=[Route("/", endpoint=homepage)],
18 middleware=[
19 Middleware(
20 CORSMiddleware,
21 allow_origins=["*"],
22 allow_headers=["*"],
23 allow_methods=["*"],
24 expose_headers=["X-Status"],
25 allow_credentials=True,
26 )
27 ],
28 )
29
30 client = test_client_factory(app)
31
32 # Test pre-flight response
33 headers = {
34 "Origin": "https://example.org",
35 "Access-Control-Request-Method": "GET",
36 "Access-Control-Request-Headers": "X-Example",
37 }
38 response = client.options("/", headers=headers)
39 assert response.status_code == 200
40 assert response.text == "OK"
41 assert response.headers["access-control-allow-origin"] == "https://example.org"
42 assert response.headers["access-control-allow-headers"] == "X-Example"
43 assert response.headers["access-control-allow-credentials"] == "true"
44 assert response.headers["vary"] == "Origin"
45
46 # Test standard response
47 headers = {"Origin": "https://example.org"}
48 response = client.get("/", headers=headers)
49 assert response.status_code == 200
50 assert response.text == "Homepage"
51 assert response.headers["access-control-allow-origin"] == "https://example.org"
52 assert response.headers["access-control-expose-headers"] == "X-Status"
53 assert response.headers["access-control-allow-credentials"] == "true"
54
55 # Test standard credentialed response
56 headers = {"Origin": "https://example.org", "Cookie": "star_cookie=sugar"}
57 response = client.get("/", headers=headers)
58 assert response.status_code == 200
59 assert response.text == "Homepage"
60 assert response.headers["access-control-allow-origin"] == "https://example.org"
61 assert response.headers["access-control-expose-headers"] == "X-Status"
62 assert response.headers["access-control-allow-credentials"] == "true"
63
64 # Test non-CORS response
65 response = client.get("/")
66 assert response.status_code == 200
67 assert response.text == "Homepage"

Callers

nothing calls this directly

Calls 6

StarletteClass · 0.90
RouteClass · 0.90
MiddlewareClass · 0.90
test_client_factoryFunction · 0.85
optionsMethod · 0.80
getMethod · 0.45

Tested by

no test coverage detected