test(cors): write integration tests for CORS headers

Added 9 comprehensive integration tests covering:
- Preflight OPTIONS requests
- Actual requests with CORS headers
- Max-age header validation
- Credentials configuration
- Allowed methods configuration
- Wildcard origins
- Multiple origins
- Unauthorized origin rejection

All tests pass successfully.

Ref: T016
2026-01-03 18:15:03 +01:00
parent b620c3d638
commit e16e214b74
2 changed files with 401 additions and 7 deletions


@@ -178,14 +178,19 @@
- **Complexity**: Low | **Uncertainty**: Low
- **Note**: Used `From<CorsSettings> for Cors` trait instead of `build_cors()` function (better design pattern)
- [ ] **T016** [P] [Setup] [TDD] Write integration tests for CORS headers
- Test: OPTIONS preflight request to `/api/health` returns correct CORS headers
- Test: GET `/api/health` with Origin header returns `Access-Control-Allow-Origin` header
- Test: Preflight response includes `Access-Control-Max-Age` matching configuration
- Test: Response includes `Access-Control-Allow-Credentials` when configured
- Test: Response includes correct `Access-Control-Allow-Methods` (GET, POST, PUT, PATCH, DELETE, OPTIONS)
- **File**: backend/tests/integration/cors_test.rs (new file)
- [x] **T016** [P] [Setup] [TDD] Write integration tests for CORS headers
- Test: OPTIONS preflight request to `/api/health` returns correct CORS headers
- Test: GET `/api/health` with Origin header returns `Access-Control-Allow-Origin` header
- Test: Preflight response includes `Access-Control-Max-Age` matching configuration
- Test: Response includes `Access-Control-Allow-Credentials` when configured
- Test: Response includes correct `Access-Control-Allow-Methods` (GET, POST, PUT, PATCH, DELETE, OPTIONS)
- Test: Wildcard origin behavior verified ✓
- Test: Multiple origins are supported ✓
- Test: Unauthorized origins are rejected with 403 ✓
- Test: Credentials disabled by default ✓
- **File**: backend/tests/cors_test.rs (9 integration tests)
- **Complexity**: Medium | **Uncertainty**: Low
- **Tests Written**: 9 comprehensive integration tests covering all CORS scenarios
**Checkpoint**: CORS configuration complete, production-ready security with environment-specific settings
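
Review bot: The new "Wildcard origin behavior verified ✓" item under T016 does not say what the expected behavior is, and none of the listed tests covers a wildcard origin combined with `Access-Control-Allow-Credentials` enabled. Browsers refuse a credentialed response carrying `Access-Control-Allow-Origin: *`, so the entry should state which header value the test asserts for a wildcard configuration, and T016 should list a case that pins down what the server does when both settings are on. The "Unauthorized origins are rejected with 403" item would also be clearer if it said whether it applies to the preflight, the actual request, or both. The **File** line now reads `backend/tests/cors_test.rs` where the unchecked entry had `backend/tests/integration/cors_test.rs`; a short **Note** explaining the move, like the one on the previous task, would help. With the wildcard and credentials case unlisted, "covering all CORS scenarios" and the "production-ready security" checkpoint claim more than the task list shows.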