fix(cors): allow routing the cors request with credentials (#3336)
parent
eac8aeedaf
commit
b3091deb78
@ -193,8 +193,9 @@ export class CRNetworkManager {
|
|||||||
if (requestPausedEvent.request.method === 'OPTIONS' && this._page._isRouted(requestPausedEvent.request.url)) {
|
if (requestPausedEvent.request.method === 'OPTIONS' && this._page._isRouted(requestPausedEvent.request.url)) {
|
||||||
const requestHeaders = requestPausedEvent.request.headers;
|
const requestHeaders = requestPausedEvent.request.headers;
|
||||||
const responseHeaders: Protocol.Fetch.HeaderEntry[] = [
|
const responseHeaders: Protocol.Fetch.HeaderEntry[] = [
|
||||||
{ name: 'Access-Control-Allow-Origin', value: requestHeaders['Access-Control-Allow-Methods'] || '*' },
|
{ name: 'Access-Control-Allow-Origin', value: requestHeaders['Origin'] || '*' },
|
||||||
{ name: 'Access-Control-Allow-Methods', value: requestHeaders['Access-Control-Request-Method'] || 'GET, POST, OPTIONS, DELETE' }
|
{ name: 'Access-Control-Allow-Methods', value: requestHeaders['Access-Control-Request-Method'] || 'GET, POST, OPTIONS, DELETE' },
|
||||||
|
{ name: 'Access-Control-Allow-Credentials', value: 'true' }
|
||||||
];
|
];
|
||||||
if (requestHeaders['Access-Control-Request-Headers'])
|
if (requestHeaders['Access-Control-Request-Headers'])
|
||||||
responseHeaders.push({ name: 'Access-Control-Allow-Headers', value: requestHeaders['Access-Control-Request-Headers'] });
|
responseHeaders.push({ name: 'Access-Control-Allow-Headers', value: requestHeaders['Access-Control-Request-Headers'] });
|
||||||
|
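Review bot: The `|| '*'` fallback on the new `Access-Control-Allow-Origin` entry now sits next to an unconditional `Access-Control-Allow-Credentials: true`, and browsers do not accept a wildcard origin on a credentialed request, so that branch produces a preflight answer that can never satisfy `credentials: 'include'`. It is also worth confirming that the header map is keyed as `Origin` rather than lower-case, because a miss silently takes the same fallback. Since this reply is deliberately permissive, I would add a comment above the array such as `// Preflight for routed URLs is auto-approved; the CORS headers supplied by the route handler still decide whether the page may read the response.` The enclosing method starts and ends outside the hunk.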
@ -470,6 +470,64 @@ it('should support cors with POST', async({page, server}) => {
|
|||||||
expect(resp).toEqual(['electric', 'gas']);
|
expect(resp).toEqual(['electric', 'gas']);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('should support cors with credentials', async({page, server}) => {
|
||||||
|
await page.goto(server.EMPTY_PAGE);
|
||||||
|
await page.route('**/cars', async (route) => {
|
||||||
|
await route.fulfill({
|
||||||
|
contentType: 'application/json',
|
||||||
|
headers: {
|
||||||
|
'Access-Control-Allow-Origin': server.PREFIX,
|
||||||
|
'Access-Control-Allow-Credentials': 'true'
|
||||||
|
},
|
||||||
|
status: 200,
|
||||||
|
body: JSON.stringify(['electric', 'gas']),
|
||||||
|
});
|
||||||
|
});
|
||||||
|
const resp = await page.evaluate(async () => {
|
||||||
|
const response = await fetch('https://example.com/cars', {
|
||||||
|
method: 'POST',
|
||||||
|
headers: { 'Content-Type': 'application/json' },
|
||||||
|
mode: 'cors',
|
||||||
|
body: JSON.stringify({ 'number': 1 }),
|
||||||
|
credentials: 'include'
|
||||||
|
});
|
||||||
|
return response.json();
|
||||||
|
});
|
||||||
|
expect(resp).toEqual(['electric', 'gas']);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('should reject cors with disallowed credentials', async({page, server}) => {
|
||||||
|
await page.goto(server.EMPTY_PAGE);
|
||||||
|
await page.route('**/cars', async (route) => {
|
||||||
|
await route.fulfill({
|
||||||
|
contentType: 'application/json',
|
||||||
|
headers: {
|
||||||
|
'Access-Control-Allow-Origin': server.PREFIX,
|
||||||
|
// Should fail without this line below!
|
||||||
|
// 'Access-Control-Allow-Credentials': 'true'
|
||||||
|
},
|
||||||
|
status: 200,
|
||||||
|
body: JSON.stringify(['electric', 'gas']),
|
||||||
|
});
|
||||||
|
});
|
||||||
|
let error = '';
|
||||||
|
try {
|
||||||
|
const resp = await page.evaluate(async () => {
|
||||||
|
const response = await fetch('https://example.com/cars', {
|
||||||
|
method: 'POST',
|
||||||
|
headers: { 'Content-Type': 'application/json' },
|
||||||
|
mode: 'cors',
|
||||||
|
body: JSON.stringify({ 'number': 1 }),
|
||||||
|
credentials: 'include'
|
||||||
|
});
|
||||||
|
return response.json();
|
||||||
|
});
|
||||||
|
} catch (e) {
|
||||||
|
error = e;
|
||||||
|
}
|
||||||
|
expect(error).toBeTruthy();
|
||||||
|
});
|
||||||
|
|
||||||
it('should support cors for different methods', async({page, server}) => {
|
it('should support cors for different methods', async({page, server}) => {
|
||||||
await page.goto(server.EMPTY_PAGE);
|
await page.goto(server.EMPTY_PAGE);
|
||||||
await page.route('**/cars', async (route, request) => {
|
await page.route('**/cars', async (route, request) => {
|
||||||
|
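Review bot: In 'should reject cors with disallowed credentials', `expect(error).toBeTruthy()` passes for any exception thrown by `page.evaluate`, so the test stays green even if the fetch fails for a reason unrelated to the missing `Access-Control-Allow-Credentials` header (for example, the route never matching). Tying the failure to the CORS check would make it a real regression guard, e.g. `const error = await page.evaluate(...).catch(e => e);` followed by an assertion on `error.message`; the expected text is likely browser-specific and may need a per-browser branch. The local `resp` inside the `try` is unused, and `let error = ''` is later assigned an exception object, so the initial value misstates the type.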