mirror of
https://github.com/hasura/graphql-engine.git
synced 2024-12-21 06:21:39 +03:00
8cb2738cbe
This has two purposes: * When running the Python integration tests against a running HGE instance, with `--hge-url`, it will check the environment variables available and actively skip the test if they aren't set. This replaces the previous ad-hoc skip behavior. * More interestingly, when running against a binary with `--hge-bin`, the environment variables are passed through, which means different tests can run with different environment variables. On top of this, the various services we use for testing now also provide their own environment variables, rather than expecting a test script to do it. In order to make this work, I also had to invert the dependency between various services and `hge_ctx`. I extracted a `pg_version` fixture to provide the PostgreSQL version, and now pass the `hge_url` and `hge_key` explicitly to `ActionsWebhookServer`. PR-URL: https://github.com/hasura/graphql-engine-mono/pull/6028 GitOrigin-RevId: 16d866741dba5887da1adf4e1ade8182ccc9d344
49 lines
2.1 KiB
Python
49 lines
2.1 KiB
Python
import pytest
|
|
from context import PytestConf
|
|
|
|
def url(hge_ctx):
|
|
return hge_ctx.hge_url + '/v1/version'
|
|
|
|
@pytest.mark.hge_env('HASURA_GRAPHQL_CORS_DOMAIN', 'http://*.localhost, http://localhost:3000, https://*.foo.bar.com')
|
|
class TestCors():
|
|
def assert_cors_headers(self, origin, resp):
|
|
headers = resp.headers
|
|
assert 'Access-Control-Allow-Origin' in headers
|
|
assert headers['Access-Control-Allow-Origin'] == origin
|
|
assert 'Access-Control-Allow-Credentials' in headers
|
|
assert headers['Access-Control-Allow-Credentials'] == 'true'
|
|
assert 'Access-Control-Allow-Methods' in headers
|
|
assert headers['Access-Control-Allow-Methods'] == 'GET,POST,PUT,PATCH,DELETE,OPTIONS'
|
|
|
|
def test_cors_foo_bar_top_domain(self, hge_ctx):
|
|
origin = 'https://foo.bar.com'
|
|
resp = hge_ctx.http.get(url(hge_ctx), headers={'Origin': origin})
|
|
with pytest.raises(AssertionError):
|
|
self.assert_cors_headers(origin, resp)
|
|
|
|
def test_cors_foo_bar_sub_domain(self, hge_ctx):
|
|
origin = 'https://app.foo.bar.com'
|
|
resp = hge_ctx.http.get(url(hge_ctx), headers={'Origin': origin})
|
|
self.assert_cors_headers(origin, resp)
|
|
|
|
def test_cors_foo_bar_sub_sub_domain_fails(self, hge_ctx):
|
|
origin = 'https://inst1.app.foo.bar.com'
|
|
resp = hge_ctx.http.get(url(hge_ctx), headers={'Origin': origin})
|
|
with pytest.raises(AssertionError):
|
|
self.assert_cors_headers(origin, resp)
|
|
|
|
def test_cors_localhost_domain_w_port(self, hge_ctx):
|
|
origin = 'http://localhost:3000'
|
|
resp = hge_ctx.http.get(url(hge_ctx), headers={'Origin': origin})
|
|
self.assert_cors_headers(origin, resp)
|
|
|
|
def test_cors_localhost_domain(self, hge_ctx):
|
|
origin = 'http://app.localhost'
|
|
resp = hge_ctx.http.get(url(hge_ctx), headers={'Origin': origin})
|
|
self.assert_cors_headers(origin, resp)
|
|
|
|
def test_cors_wrong_domain(self, hge_ctx):
|
|
origin = 'https://example.com'
|
|
resp = hge_ctx.http.get(url(hge_ctx), headers={'Origin': origin})
|
|
assert 'Access-Control-Allow-Origin' not in resp.headers
|