mirror of
https://github.com/graphql-hive/console
synced 2026-05-04 22:18:59 +00:00
44 lines
1.7 KiB
TypeScript
44 lines
1.7 KiB
TypeScript
import { ensureEnv } from '../../testkit/env';
|
|
import { getServiceHost } from '../../testkit/utils';
|
|
|
|
const registryAddress = await getServiceHost('server', 8082);
|
|
|
|
const endpoint = `http://${registryAddress}`;
|
|
|
|
test('no origin header -> no CORS checks', async () => {
|
|
const request = await fetch(`${endpoint}/graphql`);
|
|
expect(request.headers.get('access-control-allow-origin')).toEqual(null);
|
|
expect(request.headers.get('access-control-allow-credentials')).toEqual(null);
|
|
expect(request.status).toEqual(200);
|
|
expect(await request.text()).toMatchInlineSnapshot(
|
|
`{"errors":[{"message":"Must provide query string.","extensions":{"code":"BAD_REQUEST"}}]}`,
|
|
);
|
|
});
|
|
|
|
test('unmatching origin -> send CORS error', async () => {
|
|
const request = await fetch(`${endpoint}/graphql`, {
|
|
headers: {
|
|
origin: 'https://evil.com',
|
|
},
|
|
});
|
|
expect(request.headers.get('access-control-allow-origin')).toEqual(null);
|
|
expect(request.headers.get('access-control-allow-credentials')).toEqual(null);
|
|
expect(request.status).toEqual(403);
|
|
expect(await request.text()).toMatchInlineSnapshot(`CORS origin not allowed.`);
|
|
});
|
|
|
|
test('matching origin -> send correct CORS headers', async () => {
|
|
const request = await fetch(`${endpoint}/graphql`, {
|
|
headers: {
|
|
origin: ensureEnv('HIVE_APP_BASE_URL'),
|
|
},
|
|
});
|
|
expect(request.headers.get('access-control-allow-origin')).toEqual(
|
|
ensureEnv('HIVE_APP_BASE_URL'),
|
|
);
|
|
expect(request.headers.get('access-control-allow-credentials')).toEqual('true');
|
|
expect(request.status).toEqual(200);
|
|
expect(await request.text()).toMatchInlineSnapshot(
|
|
`{"errors":[{"message":"Must provide query string.","extensions":{"code":"BAD_REQUEST"}}]}`,
|
|
);
|
|
});
|