Mercurial > hg > isophonics-drupal-site

annotate core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php @ 19:fa3358dc1485 tip

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Add ndrum files
author Chris Cannam
date Wed, 28 Aug 2019 13:14:47 +0100
parents 129ea1e6d783
children
rev   line source
Chris@0 1 <?php
Chris@0 2
Chris@0 3 namespace Drupal\FunctionalTests\HttpKernel;
Chris@0 4
Chris@0 5 use Drupal\Core\Url;
Chris@0 6 use Drupal\Tests\BrowserTestBase;
Chris@0 7
Chris@0 8 /**
Chris@0 9 * Tests CORS provided by Drupal.
Chris@0 10 *
Chris@0 11 * @see sites/default/default.services.yml
Chris@0 12 * @see \Asm89\Stack\Cors
Chris@0 13 * @see \Asm89\Stack\CorsService
Chris@0 14 *
Chris@0 15 * @group Http
Chris@0 16 */
Chris@0 17 class CorsIntegrationTest extends BrowserTestBase {
Chris@0 18
Chris@0 19 /**
Chris@0 20 * {@inheritdoc}
Chris@0 21 */
Chris@0 22 public static $modules = ['system', 'test_page_test', 'page_cache'];
Chris@0 23
Chris@0 24 public function testCrossSiteRequest() {
Chris@0 25 // Test default parameters.
Chris@0 26 $cors_config = $this->container->getParameter('cors.config');
Chris@0 27 $this->assertSame(FALSE, $cors_config['enabled']);
Chris@0 28 $this->assertSame([], $cors_config['allowedHeaders']);
Chris@0 29 $this->assertSame([], $cors_config['allowedMethods']);
Chris@0 30 $this->assertSame(['*'], $cors_config['allowedOrigins']);
Chris@0 31
Chris@0 32 $this->assertSame(FALSE, $cors_config['exposedHeaders']);
Chris@0 33 $this->assertSame(FALSE, $cors_config['maxAge']);
Chris@0 34 $this->assertSame(FALSE, $cors_config['supportsCredentials']);
Chris@0 35
Chris@0 36 // Enable CORS with the default options.
Chris@0 37 $cors_config['enabled'] = TRUE;
Chris@0 38
Chris@0 39 $this->setContainerParameter('cors.config', $cors_config);
Chris@0 40 $this->rebuildContainer();
Chris@0 41
Chris@0 42 // Fire off a request.
Chris@0 43 $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
Chris@0 44 $this->assertSession()->statusCodeEquals(200);
Chris@0 45 $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'MISS');
Chris@0 46 $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
Chris@0 47
Chris@0 48 // Fire the same exact request. This time it should be cached.
Chris@0 49 $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
Chris@0 50 $this->assertSession()->statusCodeEquals(200);
Chris@0 51 $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'HIT');
Chris@0 52 $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
Chris@0 53
Chris@0 54 // Fire a request for a different origin. Verify the CORS header.
Chris@0 55 $this->drupalGet('/test-page', [], ['Origin' => 'http://example.org']);
Chris@0 56 $this->assertSession()->statusCodeEquals(200);
Chris@0 57 $this->assertSession()->responseHeaderEquals('X-Drupal-Cache', 'HIT');
Chris@0 58 $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.org');
Chris@0 59
Chris@0 60 // Configure the CORS stack to allow a specific set of origins.
Chris@0 61 $cors_config['allowedOrigins'] = ['http://example.com'];
Chris@0 62
Chris@0 63 $this->setContainerParameter('cors.config', $cors_config);
Chris@0 64 $this->rebuildContainer();
Chris@0 65
Chris@0 66 // Fire a request from an origin that isn't allowed.
Chris@0 67 /** @var \Symfony\Component\HttpFoundation\Response $response */
Chris@0 68 $this->drupalGet('/test-page', [], ['Origin' => 'http://non-valid.com']);
Chris@0 69 $this->assertSession()->statusCodeEquals(403);
Chris@0 70 $this->assertSession()->pageTextContains('Not allowed.');
Chris@0 71
Chris@0 72 // Specify a valid origin.
Chris@0 73 $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
Chris@0 74 $this->assertSession()->statusCodeEquals(200);
Chris@0 75 $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
Chris@0 76
Chris@0 77 // Verify POST still functions with 'Origin' header set to site's domain.
Chris@0 78 $origin = \Drupal::request()->getSchemeAndHttpHost();
Chris@0 79
Chris@0 80 /** @var \GuzzleHttp\ClientInterface $httpClient */
Chris@0 81 $httpClient = $this->getSession()->getDriver()->getClient()->getClient();
Chris@0 82 $url = Url::fromUri('base:/test-page');
Chris@0 83 $response = $httpClient->request('POST', $url->setAbsolute()->toString(), [
Chris@0 84 'headers' => [
Chris@0 85 'Origin' => $origin,
Chris@17 86 ],
Chris@0 87 ]);
Chris@0 88 $this->assertEquals(200, $response->getStatusCode());
Chris@0 89 }
Chris@0 90
Chris@0 91 }