[go: up one dir, main page]

warp 0.1.11

serve the web at warp speeds
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128

#![deny(warnings)]
extern crate pretty_env_logger;
extern crate warp;

use warp::{http::Method, Filter};

#[test]
fn allow_methods() {
    let cors = warp::cors()
        .allow_methods(&[
            Method::GET,
            Method::POST,
            Method::DELETE,
        ]);

    let route = warp::any()
        .map(warp::reply)
        .with(cors);

    let res = warp::test::request()
        .method("OPTIONS")
        .header("origin", "warp")
        .header("access-control-request-method", "DELETE")
        .reply(&route);

    assert_eq!(res.status(), 200);

    let res = warp::test::request()
        .method("OPTIONS")
        .header("origin", "warp")
        .header("access-control-request-method", "PUT")
        .reply(&route);

    assert_eq!(res.status(), 403);
}

#[test]
fn origin_not_allowed() {
    let cors = warp::cors()
        .allow_methods(&[Method::DELETE])
        .allow_origin("https://hyper.rs");

    let route = warp::any()
        .map(warp::reply)
        .with(cors);

    let res = warp::test::request()
        .method("OPTIONS")
        .header("origin", "https://warp.rs")
        .header("access-control-request-method", "DELETE")
        .reply(&route);

    assert_eq!(res.status(), 403);

    let res = warp::test::request()
        .header("origin", "https://warp.rs")
        .header("access-control-request-method", "DELETE")
        .reply(&route);

    assert_eq!(res.status(), 403);
}

#[test]
fn headers_not_allowed() {
    let cors = warp::cors()
        .allow_methods(&[Method::DELETE])
        .allow_headers(vec!["x-foo"]);

    let route = warp::any()
        .map(warp::reply)
        .with(cors);

    let res = warp::test::request()
        .method("OPTIONS")
        .header("origin", "https://warp.rs")
        .header("access-control-request-headers", "x-bar")
        .header("access-control-request-method", "DELETE")
        .reply(&route);

    assert_eq!(res.status(), 403);
}

#[test]
fn success() {
    let cors = warp::cors()
        .allow_credentials(true)
        .allow_headers(vec!["x-foo", "x-bar"])
        .allow_methods(&[Method::POST, Method::DELETE])
        .max_age(30);

    let route = warp::any()
        .map(warp::reply)
        .with(cors);

    // preflight
    let res = warp::test::request()
        .method("OPTIONS")
        .header("origin", "https://hyper.rs")
        .header("access-control-request-headers", "x-bar,x-foo")
        .header("access-control-request-method", "DELETE")
        .reply(&route);
    assert_eq!(res.status(), 200);
    assert_eq!(res.headers()["access-control-allow-origin"], "https://hyper.rs");
    assert_eq!(res.headers()["access-control-allow-credentials"], "true");
    let headers = &res.headers()["access-control-allow-headers"];
    assert!(headers == "x-bar, x-foo" || headers == "x-foo, x-bar");
    assert_eq!(res.headers()["access-control-max-age"], "30");
    let methods = &res.headers()["access-control-allow-methods"];
    assert!(
        // HashSet randomly orders these...
        methods == "DELETE, POST" || methods == "POST, DELETE",
        "access-control-allow-methods: {:?}",
        methods,
    );

    // cors request
    let res = warp::test::request()
        .method("DELETE")
        .header("origin", "https://hyper.rs")
        .header("x-foo", "hello")
        .header("x-bar", "world")
        .reply(&route);
    assert_eq!(res.status(), 200);
    assert_eq!(res.headers()["access-control-allow-origin"], "https://hyper.rs");
    assert_eq!(res.headers()["access-control-allow-credentials"], "true");
    assert_eq!(res.headers().get("access-control-max-age"), None);
    assert_eq!(res.headers().get("access-control-allow-methods"), None);
}