2019-05-13 17:38:53 +02:00
|
|
|
// Copyright 2019 The Gitea Authors. All rights reserved.
|
2022-11-27 19:20:29 +01:00
|
|
|
// SPDX-License-Identifier: MIT
|
2019-05-13 17:38:53 +02:00
|
|
|
|
2022-09-02 21:18:23 +02:00
|
|
|
package integration
|
2019-05-13 17:38:53 +02:00
|
|
|
|
|
|
|
import (
|
|
|
|
"net/http"
|
|
|
|
"testing"
|
|
|
|
|
2022-09-02 21:18:23 +02:00
|
|
|
"code.gitea.io/gitea/tests"
|
2022-09-05 08:04:18 +02:00
|
|
|
|
2019-05-13 17:38:53 +02:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestCORSNotSet(t *testing.T) {
|
2022-09-02 21:18:23 +02:00
|
|
|
defer tests.PrepareTestEnv(t)()
|
2023-12-22 00:59:59 +01:00
|
|
|
req := NewRequest(t, "GET", "/api/v1/version")
|
2019-05-13 17:38:53 +02:00
|
|
|
session := loginUser(t, "user2")
|
|
|
|
resp := session.MakeRequest(t, req, http.StatusOK)
|
|
|
|
assert.Equal(t, resp.Code, http.StatusOK)
|
|
|
|
corsHeader := resp.Header().Get("Access-Control-Allow-Origin")
|
2023-04-22 23:56:27 +02:00
|
|
|
assert.Empty(t, corsHeader, "Access-Control-Allow-Origin: generated header should match") // header not set
|
2019-05-13 17:38:53 +02:00
|
|
|
}
|