Diffstat (limited to 'test')
-rw-r--r--test/cors.test.ts39
-rw-r--r--test/storage.test.ts3
2 files changed, 39 insertions, 3 deletions
diff --git a/test/cors.test.ts b/test/cors.test.ts
new file mode 100644
index 0000000..621c263
--- /dev/null
+++ b/test/cors.test.ts
@@ -0,0 +1,39 @@
+import { describe, expect, it } from 'vitest';
+
+import { PosthookServer } from '../src/server/index.js';
+
+const corsHeaders = (corsOriginsRaw: string, origin: string | undefined) => {
+ const server = new PosthookServer({} as any, {} as any, corsOriginsRaw);
+ return (server as any).corsHeaders(origin) as Record<string, string>;
+};
+
+describe('CORS origin matching', () => {
+ it('defaults to allow-all with *', () => {
+ expect(corsHeaders('*', 'http://localhost:8080')).toEqual({
+ 'Access-Control-Allow-Origin': '*',
+ });
+ });
+
+ it('supports apex and wildcard host matching over https', () => {
+ expect(corsHeaders('*.liz.coffee,liz.coffee', 'https://liz.coffee')).toEqual({
+ 'Access-Control-Allow-Origin': 'https://liz.coffee',
+ });
+
+ expect(corsHeaders('*.liz.coffee,liz.coffee', 'https://beta.posthook.liz.coffee')).toEqual({
+ 'Access-Control-Allow-Origin': 'https://beta.posthook.liz.coffee',
+ });
+
+ expect(corsHeaders('*.liz.coffee,liz.coffee', 'https://evil.com')).toEqual({});
+ });
+
+ it('rejects http origins when restricted', () => {
+ expect(corsHeaders('*.liz.coffee,liz.coffee', 'http://liz.coffee')).toEqual({});
+ });
+
+ it('does not match apex with wildcard alone', () => {
+ expect(corsHeaders('*.liz.coffee', 'https://liz.coffee')).toEqual({});
+ expect(corsHeaders('*.liz.coffee', 'https://a.liz.coffee')).toMatchObject({
+ 'Access-Control-Allow-Origin': 'https://a.liz.coffee',
+ });
+ });
+});
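Review bot: The only rejected https origin in 'supports apex and wildcard host matching over https' is the unrelated `https://evil.com`, so a matcher that compares by bare suffix or substring would still pass this suite. Add look-alike origins that must return `{}`, for example `expect(corsHeaders('*.liz.coffee,liz.coffee', 'https://evilliz.coffee')).toEqual({});` and the same assertion with `'https://liz.coffee.evil.com'` (both hostnames are constructed samples). The helper is typed `origin: string | undefined`, yet no case passes `undefined` or the literal `'null'` origin; the expected result for both under a restricted list should be pinned. The exact `toEqual` on the reflected-origin cases also suggests `corsHeaders` returns no `Vary: Origin`. If the server does not add it elsewhere, a shared cache could replay one origin's allow header to another, so that is worth confirming and asserting.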
diff --git a/test/storage.test.ts b/test/storage.test.ts
index 7b64aa1..200c81a 100644
--- a/test/storage.test.ts
+++ b/test/storage.test.ts
@@ -97,9 +97,6 @@ describe('Storage', () => {
expect(requestJson.routeName).toBe('route1');
expect(requestJson.files?.[0].filename).toBe(storedFile.filename);
- const bodyJson = JSON.parse(await readFile(join(requestDir, 'body.json'), 'utf-8'));
- expect(bodyJson).toEqual({ hello: 'world' });
-
const savedBytes = await readFile(join(requestDir, storedFile.path));
expect(savedBytes.length).toBe(3);
});