File: CorsPolicyExtensionsTests.cs
Web Access
Project: src\src\Middleware\CORS\test\UnitTests\Microsoft.AspNetCore.Cors.Test.csproj (Microsoft.AspNetCore.Cors.Test)
// Licensed to the .NET Foundation under one or more agreements.
// The .NET Foundation licenses this file to you under the MIT license.
 
namespace Microsoft.AspNetCore.Cors.Infrastructure;
 
public sealed class CorsPolicyExtensionsTest
{
    [Fact]
    public void IsOriginAnAllowedSubdomain_ReturnsTrueIfPolicyContainsOrigin()
    {
        // Arrange
        const string origin = "http://sub.domain";
        var policy = new CorsPolicy();
        policy.Origins.Add(origin);
 
        // Act
        var actual = policy.IsOriginAnAllowedSubdomain(origin);
 
        // Assert
        Assert.True(actual);
    }
 
    [Theory]
    [InlineData(null)]
    [InlineData("null")]
    [InlineData("http://")]
    [InlineData("http://*")]
    [InlineData("http://.domain")]
    [InlineData("http://.domain/hello")]
    public void IsOriginAnAllowedSubdomain_ReturnsFalseIfOriginIsMalformedUri(string malformedOrigin)
    {
        // Arrange
        var policy = new CorsPolicy();
        policy.Origins.Add("http://*.domain");
 
        // Act
        var actual = policy.IsOriginAnAllowedSubdomain(malformedOrigin);
 
        // Assert
        Assert.False(actual);
    }
 
    [Theory]
    [InlineData("http://sub.domain", "http://*.domain")]
    [InlineData("http://sub.sub.domain", "http://*.domain")]
    [InlineData("http://sub.sub.domain", "http://*.sub.domain")]
    [InlineData("http://sub.domain:4567", "http://*.domain:4567")]
    public void IsOriginAnAllowedSubdomain_ReturnsTrue_WhenASubdomain(string origin, string allowedOrigin)
    {
        // Arrange
        var policy = new CorsPolicy();
        policy.Origins.Add(allowedOrigin);
 
        // Act
        var isAllowed = policy.IsOriginAnAllowedSubdomain(origin);
 
        // Assert
        Assert.True(isAllowed);
    }
 
    [Theory]
    [InlineData("http://domain", "http://*.domain")]
    [InlineData("http://sub.domain", "http://domain")]
    [InlineData("http://sub.domain:1234", "http://*.domain:5678")]
    [InlineData("http://sub.domain", "http://domain.*")]
    [InlineData("http://sub.sub.domain", "http://sub.*.domain")]
    [InlineData("http://sub.domain.hacker", "http://*.domain")]
    [InlineData("https://sub.domain", "http://*.domain")]
    public void IsOriginAnAllowedSubdomain_ReturnsFalse_WhenNotASubdomain(string origin, string allowedOrigin)
    {
        // Arrange
        var policy = new CorsPolicy();
        policy.Origins.Add(allowedOrigin);
 
        // Act
        var isAllowed = policy.IsOriginAnAllowedSubdomain(origin);
 
        // Assert
        Assert.False(isAllowed);
    }
}