def test_can_support_custom_cors(smoke_test_app):
response = requests.get(smoke_test_app.url + '/custom_cors')
response.raise_for_status()
expected_allow_origin = 'https://foo.example.com'
assert response.headers[
'Access-Control-Allow-Origin'] == expected_allow_origin
# Should also have injected an OPTIONs request.
response = requests.options(smoke_test_app.url + '/custom_cors')
response.raise_for_status()
headers = response.headers
assert headers['Access-Control-Allow-Origin'] == expected_allow_origin
assert headers['Access-Control-Allow-Headers'] == (
'Authorization,Content-Type,X-Amz-Date,X-Amz-Security-Token,'
'X-Api-Key,X-Special-Header')
_assert_contains_access_control_allow_methods(
headers, ['GET', 'POST', 'PUT', 'OPTIONS'])
assert headers['Access-Control-Max-Age'] == '600'
assert headers['Access-Control-Expose-Headers'] == 'X-Special-Header'
assert headers['Access-Control-Allow-Credentials'] == 'true'
评论列表
文章目录
