DevFW-CICD/ingress-nginx-helm
12
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ingress-nginx-helm/test/e2e/annotations/cors.go

631 lines
20 KiB
Go
Raw Normal View History

Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package annotations
import (
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
"net/http"
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
"strings"
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
migrate ginkgo to v2 (#8826) * Migrate ginkgo to v2 * Update test/e2e/annotations/ipwhitelist.go Co-authored-by: Jintao Zhang <tao12345666333@163.com> * Update test/e2e/annotations/modsecurity/modsecurity.go Co-authored-by: Jintao Zhang <tao12345666333@163.com> * Update test/e2e/settings/access_log.go Co-authored-by: Jintao Zhang <tao12345666333@163.com> * remove unnecessary blank line * re-order packages * less change Co-authored-by: Jintao Zhang <tao12345666333@163.com>
2022-07-31 16:16:28 +00:00
"github.com/onsi/ginkgo/v2"
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
"k8s.io/ingress-nginx/test/e2e/framework"
)
Cleanup and standardization of e2e test definitions (#5090)
2020-02-16 18:27:58 +00:00
var _ = framework.DescribeAnnotation("cors-*", func() {
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
f := framework.NewDefaultFramework("cors")
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
ginkgo.BeforeEach(func() {
use functional options to reduce number of methods creating an EchoDeployment (#8199)
2022-02-02 13:12:22 +00:00
f.NewEchoDeployment(framework.WithDeploymentReplicas(2))
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
})
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
ginkgo.It("should enable cors", func() {
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
host := "cors.foo.com"
Refactor e2e Tests to use common helper function Each e2e test is creating the same(or similar) Ingress Resource in different ways. This makes common ingress resource creation be performed by a framework method, reducing code duplication
2018-10-09 02:32:25 +00:00
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
}
Remove hard-coded annotation and don't use map pointers
2019-12-13 05:47:11 +00:00
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.EnsureIngress(ing)
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.WaitForNginxServer(host,
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
func(server string) bool {
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
return strings.Contains(server, "more_set_headers 'Access-Control-Allow-Methods: GET, PUT, POST, DELETE, PATCH, OPTIONS';") &&
Support cors-allow-origin with multiple origins (#7614) * Add Initial support for multiple cors origins in nginx - bump cluster version for `make dev-env` - add buildOriginRegex function in nginx.tmpl - add e2e 4 e2e tests for cors.go - refers to feature request #5496 * add tests + use search to identify '*' origin * add tests + use search to identify '*' origin Signed-off-by: Christopher Larivière <lariviere.c@gmail.com> * fix "should enable cors test" looking at improper values * Modify tests and add some logic for origin validation - add origin validation in cors ingress annotations - add extra tests to validate regex - properly escape regex using "QuoteMeta" - fix some copy/paste errors * add TrimSpace and length validation before adding a new origin * modify documentation for cors and remove dangling comment * add support for optional port mapping on origin * support single-level wildcard subdomains + tests * Remove automatic `*` fonctionality from incorrect origins - use []string instead of basic string to avoid reparsing in template.go - fix typo in docs - modify template to properly enable only if the whole block is enabled - modify cors parsing - test properly by validating that the value returned is the proper origin - update unit tests and annotation tests * Re-add `*` when no cors origins are supplied + fix tests - fix e2e tests to allow for `*` - re-add `*` to cors parsing if trimmed cors-allow-origin is empty (supplied but empty) and if it wasn't supplied at all. * remove unecessary logic for building cors origin + remove comments - add some edge cases in e2e tests - rework logic for building cors origin there was no need for logic in template.go for buildCorsOriginRegex if there is a `*` it ill be short-circuited by first if. if it's a wildcard domain or any domain (without a wildcard), it MUST match the main/cors.go regex format. if there's a star in a wildcard domain, it must be replaced with `[A-Za-z0-9]+` * add missing check in e2e tests
2021-11-02 19:31:42 +00:00
strings.Contains(server, "more_set_headers 'Access-Control-Allow-Origin: $http_origin';") &&
Update default allowed CORS headers (#8459) X-CustomHeader looks more like an example than a header we would want to accept in production. Added Range as a useful header that enables operations on resources that can be fetched in chunks.
2022-05-04 12:11:51 +00:00
strings.Contains(server, "more_set_headers 'Access-Control-Allow-Headers: DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';") &&
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
strings.Contains(server, "more_set_headers 'Access-Control-Max-Age: 1728000';") &&
Support cors-allow-origin with multiple origins (#7614) * Add Initial support for multiple cors origins in nginx - bump cluster version for `make dev-env` - add buildOriginRegex function in nginx.tmpl - add e2e 4 e2e tests for cors.go - refers to feature request #5496 * add tests + use search to identify '*' origin * add tests + use search to identify '*' origin Signed-off-by: Christopher Larivière <lariviere.c@gmail.com> * fix "should enable cors test" looking at improper values * Modify tests and add some logic for origin validation - add origin validation in cors ingress annotations - add extra tests to validate regex - properly escape regex using "QuoteMeta" - fix some copy/paste errors * add TrimSpace and length validation before adding a new origin * modify documentation for cors and remove dangling comment * add support for optional port mapping on origin * support single-level wildcard subdomains + tests * Remove automatic `*` fonctionality from incorrect origins - use []string instead of basic string to avoid reparsing in template.go - fix typo in docs - modify template to properly enable only if the whole block is enabled - modify cors parsing - test properly by validating that the value returned is the proper origin - update unit tests and annotation tests * Re-add `*` when no cors origins are supplied + fix tests - fix e2e tests to allow for `*` - re-add `*` to cors parsing if trimmed cors-allow-origin is empty (supplied but empty) and if it wasn't supplied at all. * remove unecessary logic for building cors origin + remove comments - add some edge cases in e2e tests - rework logic for building cors origin there was no need for logic in template.go for buildCorsOriginRegex if there is a `*` it ill be short-circuited by first if. if it's a wildcard domain or any domain (without a wildcard), it MUST match the main/cors.go regex format. if there's a star in a wildcard domain, it must be replaced with `[A-Za-z0-9]+` * add missing check in e2e tests
2021-11-02 19:31:42 +00:00
strings.Contains(server, "more_set_headers 'Access-Control-Allow-Credentials: true';") &&
strings.Contains(server, "set $http_origin *;") &&
strings.Contains(server, "$cors 'true';")
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
})
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK)
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
})
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
ginkgo.It("should set cors methods to only allow POST, GET", func() {
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
host := "cors.foo.com"
Refactor e2e Tests to use common helper function Each e2e test is creating the same(or similar) Ingress Resource in different ways. This makes common ingress resource creation be performed by a framework method, reducing code duplication
2018-10-09 02:32:25 +00:00
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-methods": "POST, GET",
}
Remove hard-coded annotation and don't use map pointers
2019-12-13 05:47:11 +00:00
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.EnsureIngress(ing)
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.WaitForNginxServer(host,
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
func(server string) bool {
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
return strings.Contains(server, "more_set_headers 'Access-Control-Allow-Methods: POST, GET';")
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
})
})
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
ginkgo.It("should set cors max-age", func() {
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
host := "cors.foo.com"
Refactor e2e Tests to use common helper function Each e2e test is creating the same(or similar) Ingress Resource in different ways. This makes common ingress resource creation be performed by a framework method, reducing code duplication
2018-10-09 02:32:25 +00:00
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-max-age": "200",
}
Remove hard-coded annotation and don't use map pointers
2019-12-13 05:47:11 +00:00
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.EnsureIngress(ing)
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.WaitForNginxServer(host,
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
func(server string) bool {
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
return strings.Contains(server, "more_set_headers 'Access-Control-Max-Age: 200';")
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
})
})
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
ginkgo.It("should disable cors allow credentials", func() {
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
host := "cors.foo.com"
Refactor e2e Tests to use common helper function Each e2e test is creating the same(or similar) Ingress Resource in different ways. This makes common ingress resource creation be performed by a framework method, reducing code duplication
2018-10-09 02:32:25 +00:00
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-credentials": "false",
}
Remove hard-coded annotation and don't use map pointers
2019-12-13 05:47:11 +00:00
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.EnsureIngress(ing)
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.WaitForNginxServer(host,
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
func(server string) bool {
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
return !strings.Contains(server, "more_set_headers 'Access-Control-Allow-Credentials: true';")
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
})
})
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
ginkgo.It("should allow origin for cors", func() {
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
host := "cors.foo.com"
Support cors-allow-origin with multiple origins (#7614) * Add Initial support for multiple cors origins in nginx - bump cluster version for `make dev-env` - add buildOriginRegex function in nginx.tmpl - add e2e 4 e2e tests for cors.go - refers to feature request #5496 * add tests + use search to identify '*' origin * add tests + use search to identify '*' origin Signed-off-by: Christopher Larivière <lariviere.c@gmail.com> * fix "should enable cors test" looking at improper values * Modify tests and add some logic for origin validation - add origin validation in cors ingress annotations - add extra tests to validate regex - properly escape regex using "QuoteMeta" - fix some copy/paste errors * add TrimSpace and length validation before adding a new origin * modify documentation for cors and remove dangling comment * add support for optional port mapping on origin * support single-level wildcard subdomains + tests * Remove automatic `*` fonctionality from incorrect origins - use []string instead of basic string to avoid reparsing in template.go - fix typo in docs - modify template to properly enable only if the whole block is enabled - modify cors parsing - test properly by validating that the value returned is the proper origin - update unit tests and annotation tests * Re-add `*` when no cors origins are supplied + fix tests - fix e2e tests to allow for `*` - re-add `*` to cors parsing if trimmed cors-allow-origin is empty (supplied but empty) and if it wasn't supplied at all. * remove unecessary logic for building cors origin + remove comments - add some edge cases in e2e tests - rework logic for building cors origin there was no need for logic in template.go for buildCorsOriginRegex if there is a `*` it ill be short-circuited by first if. if it's a wildcard domain or any domain (without a wildcard), it MUST match the main/cors.go regex format. if there's a star in a wildcard domain, it must be replaced with `[A-Za-z0-9]+` * add missing check in e2e tests
2021-11-02 19:31:42 +00:00
origin := "https://origin.cors.com:8080"
Refactor e2e Tests to use common helper function Each e2e test is creating the same(or similar) Ingress Resource in different ways. This makes common ingress resource creation be performed by a framework method, reducing code duplication
2018-10-09 02:32:25 +00:00
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "https://origin.cors.com:8080",
}
Remove hard-coded annotation and don't use map pointers
2019-12-13 05:47:11 +00:00
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.EnsureIngress(ing)
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
Support cors-allow-origin with multiple origins (#7614) * Add Initial support for multiple cors origins in nginx - bump cluster version for `make dev-env` - add buildOriginRegex function in nginx.tmpl - add e2e 4 e2e tests for cors.go - refers to feature request #5496 * add tests + use search to identify '*' origin * add tests + use search to identify '*' origin Signed-off-by: Christopher Larivière <lariviere.c@gmail.com> * fix "should enable cors test" looking at improper values * Modify tests and add some logic for origin validation - add origin validation in cors ingress annotations - add extra tests to validate regex - properly escape regex using "QuoteMeta" - fix some copy/paste errors * add TrimSpace and length validation before adding a new origin * modify documentation for cors and remove dangling comment * add support for optional port mapping on origin * support single-level wildcard subdomains + tests * Remove automatic `*` fonctionality from incorrect origins - use []string instead of basic string to avoid reparsing in template.go - fix typo in docs - modify template to properly enable only if the whole block is enabled - modify cors parsing - test properly by validating that the value returned is the proper origin - update unit tests and annotation tests * Re-add `*` when no cors origins are supplied + fix tests - fix e2e tests to allow for `*` - re-add `*` to cors parsing if trimmed cors-allow-origin is empty (supplied but empty) and if it wasn't supplied at all. * remove unecessary logic for building cors origin + remove comments - add some edge cases in e2e tests - rework logic for building cors origin there was no need for logic in template.go for buildCorsOriginRegex if there is a `*` it ill be short-circuited by first if. if it's a wildcard domain or any domain (without a wildcard), it MUST match the main/cors.go regex format. if there's a star in a wildcard domain, it must be replaced with `[A-Za-z0-9]+` * add missing check in e2e tests
2021-11-02 19:31:42 +00:00
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{origin})
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
})
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
ginkgo.It("should allow headers for cors", func() {
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
host := "cors.foo.com"
Refactor e2e Tests to use common helper function Each e2e test is creating the same(or similar) Ingress Resource in different ways. This makes common ingress resource creation be performed by a framework method, reducing code duplication
2018-10-09 02:32:25 +00:00
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-headers": "DNT, User-Agent",
}
Remove hard-coded annotation and don't use map pointers
2019-12-13 05:47:11 +00:00
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.EnsureIngress(ing)
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
Remove e2e boilerplate
2018-10-29 21:39:04 +00:00
f.WaitForNginxServer(host,
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
func(server string) bool {
Refactor e2e tests to use testify y httpexpect
2020-02-19 03:08:56 +00:00
return strings.Contains(server, "more_set_headers 'Access-Control-Allow-Headers: DNT, User-Agent';")
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
})
})
Add annotation to configure CORS Access-Control-Expose-Headers
2020-09-23 15:41:52 +00:00
ginkgo.It("should expose headers for cors", func() {
host := "cors.foo.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-expose-headers": "X-CustomResponseHeader, X-CustomSecondHeader",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.WaitForNginxServer(host,
func(server string) bool {
return strings.Contains(server, "more_set_headers 'Access-Control-Expose-Headers: X-CustomResponseHeader, X-CustomSecondHeader';")
})
})
Support cors-allow-origin with multiple origins (#7614) * Add Initial support for multiple cors origins in nginx - bump cluster version for `make dev-env` - add buildOriginRegex function in nginx.tmpl - add e2e 4 e2e tests for cors.go - refers to feature request #5496 * add tests + use search to identify '*' origin * add tests + use search to identify '*' origin Signed-off-by: Christopher Larivière <lariviere.c@gmail.com> * fix "should enable cors test" looking at improper values * Modify tests and add some logic for origin validation - add origin validation in cors ingress annotations - add extra tests to validate regex - properly escape regex using "QuoteMeta" - fix some copy/paste errors * add TrimSpace and length validation before adding a new origin * modify documentation for cors and remove dangling comment * add support for optional port mapping on origin * support single-level wildcard subdomains + tests * Remove automatic `*` fonctionality from incorrect origins - use []string instead of basic string to avoid reparsing in template.go - fix typo in docs - modify template to properly enable only if the whole block is enabled - modify cors parsing - test properly by validating that the value returned is the proper origin - update unit tests and annotation tests * Re-add `*` when no cors origins are supplied + fix tests - fix e2e tests to allow for `*` - re-add `*` to cors parsing if trimmed cors-allow-origin is empty (supplied but empty) and if it wasn't supplied at all. * remove unecessary logic for building cors origin + remove comments - add some edge cases in e2e tests - rework logic for building cors origin there was no need for logic in template.go for buildCorsOriginRegex if there is a `*` it ill be short-circuited by first if. if it's a wildcard domain or any domain (without a wildcard), it MUST match the main/cors.go regex format. if there's a star in a wildcard domain, it must be replaced with `[A-Za-z0-9]+` * add missing check in e2e tests
2021-11-02 19:31:42 +00:00
ginkgo.It("should allow - single origin for multiple cors values", func() {
host := "cors.foo.com"
origin := "https://origin.cors.com:8080"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "https://origin.cors.com:8080, https://origin2.cors.com",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{origin})
})
ginkgo.It("should not allow - single origin for multiple cors values", func() {
host := "cors.foo.com"
origin := "http://no.origin.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "http://origin2.cors.com, https://origin.com",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
// the client should still receive a response but browsers should block the request
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().NotContainsKey("Access-Control-Allow-Origin")
})
ginkgo.It("should allow correct origins - single origin for multiple cors values", func() {
host := "cors.foo.com"
badOrigin := "origin.cors.com:8080"
origin1 := "https://origin2.cors.com"
origin2 := "https://origin.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "origin.cors.com:8080, https://origin2.cors.com, https://origin.com",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", badOrigin).
Expect().
Headers().NotContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin1).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin1).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{origin1})
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin2).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin2).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{origin2})
})
ginkgo.It("should not break functionality", func() {
host := "cors.foo.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "*",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{"*"})
})
ginkgo.It("should not break functionality - without `*`", func() {
host := "cors.foo.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{"*"})
})
ginkgo.It("should not break functionality with extra domain", func() {
host := "cors.foo.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "*, foo.bar.com",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{"*"})
})
ginkgo.It("should not match", func() {
host := "cors.foo.com"
origin := "https://fooxbar.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "https://foo.bar.com",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
// the client should still receive a response but browsers should block the request
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().NotContainsKey("Access-Control-Allow-Origin")
})
ginkgo.It("should allow - single origin with required port", func() {
host := "cors.foo.com"
origin := "http://origin.com:8080"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "http://origin.cors.com:8080, http://origin.com:8080",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
// the client should still receive a response but browsers should block the request
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{origin})
})
ginkgo.It("should not allow - single origin with port and origin without port", func() {
host := "cors.foo.com"
origin := "http://origin.com:8080"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "https://origin2.cors.com, http://origin.com",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().NotContainsKey("Access-Control-Allow-Origin")
})
ginkgo.It("should not allow - single origin without port and origin with required port", func() {
host := "cors.foo.com"
origin := "http://origin.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "http://origin.cors.com:8080, http://origin.com:8080",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
// the client should still receive a response but browsers should block the request
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().NotContainsKey("Access-Control-Allow-Origin")
})
ginkgo.It("should allow - matching origin with wildcard origin (2 subdomains)", func() {
host := "cors.foo.com"
origin := "http://foo.origin.cors.com"
fix missing `\-` in regex expression for CORS wildcard domain (#7904)
2021-11-11 18:26:08 +00:00
origin2 := "http://bar-foo.origin.cors.com"
Support cors-allow-origin with multiple origins (#7614) * Add Initial support for multiple cors origins in nginx - bump cluster version for `make dev-env` - add buildOriginRegex function in nginx.tmpl - add e2e 4 e2e tests for cors.go - refers to feature request #5496 * add tests + use search to identify '*' origin * add tests + use search to identify '*' origin Signed-off-by: Christopher Larivière <lariviere.c@gmail.com> * fix "should enable cors test" looking at improper values * Modify tests and add some logic for origin validation - add origin validation in cors ingress annotations - add extra tests to validate regex - properly escape regex using "QuoteMeta" - fix some copy/paste errors * add TrimSpace and length validation before adding a new origin * modify documentation for cors and remove dangling comment * add support for optional port mapping on origin * support single-level wildcard subdomains + tests * Remove automatic `*` fonctionality from incorrect origins - use []string instead of basic string to avoid reparsing in template.go - fix typo in docs - modify template to properly enable only if the whole block is enabled - modify cors parsing - test properly by validating that the value returned is the proper origin - update unit tests and annotation tests * Re-add `*` when no cors origins are supplied + fix tests - fix e2e tests to allow for `*` - re-add `*` to cors parsing if trimmed cors-allow-origin is empty (supplied but empty) and if it wasn't supplied at all. * remove unecessary logic for building cors origin + remove comments - add some edge cases in e2e tests - rework logic for building cors origin there was no need for logic in template.go for buildCorsOriginRegex if there is a `*` it ill be short-circuited by first if. if it's a wildcard domain or any domain (without a wildcard), it MUST match the main/cors.go regex format. if there's a star in a wildcard domain, it must be replaced with `[A-Za-z0-9]+` * add missing check in e2e tests
2021-11-02 19:31:42 +00:00
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "http://*.origin.cors.com, http://*.origin.com:8080",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{origin})
fix missing `\-` in regex expression for CORS wildcard domain (#7904)
2021-11-11 18:26:08 +00:00
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin2).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin2).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{origin2})
Support cors-allow-origin with multiple origins (#7614) * Add Initial support for multiple cors origins in nginx - bump cluster version for `make dev-env` - add buildOriginRegex function in nginx.tmpl - add e2e 4 e2e tests for cors.go - refers to feature request #5496 * add tests + use search to identify '*' origin * add tests + use search to identify '*' origin Signed-off-by: Christopher Larivière <lariviere.c@gmail.com> * fix "should enable cors test" looking at improper values * Modify tests and add some logic for origin validation - add origin validation in cors ingress annotations - add extra tests to validate regex - properly escape regex using "QuoteMeta" - fix some copy/paste errors * add TrimSpace and length validation before adding a new origin * modify documentation for cors and remove dangling comment * add support for optional port mapping on origin * support single-level wildcard subdomains + tests * Remove automatic `*` fonctionality from incorrect origins - use []string instead of basic string to avoid reparsing in template.go - fix typo in docs - modify template to properly enable only if the whole block is enabled - modify cors parsing - test properly by validating that the value returned is the proper origin - update unit tests and annotation tests * Re-add `*` when no cors origins are supplied + fix tests - fix e2e tests to allow for `*` - re-add `*` to cors parsing if trimmed cors-allow-origin is empty (supplied but empty) and if it wasn't supplied at all. * remove unecessary logic for building cors origin + remove comments - add some edge cases in e2e tests - rework logic for building cors origin there was no need for logic in template.go for buildCorsOriginRegex if there is a `*` it ill be short-circuited by first if. if it's a wildcard domain or any domain (without a wildcard), it MUST match the main/cors.go regex format. if there's a star in a wildcard domain, it must be replaced with `[A-Za-z0-9]+` * add missing check in e2e tests
2021-11-02 19:31:42 +00:00
})
ginkgo.It("should not allow - unmatching origin with wildcard origin (2 subdomains)", func() {
host := "cors.foo.com"
origin := "http://bar.foo.origin.cors.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "http://*.origin.cors.com, http://*.origin.com:8080",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
// the client should still receive a response but browsers should block the request
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().NotContainsKey("Access-Control-Allow-Origin")
})
ginkgo.It("should allow - matching origin+port with wildcard origin", func() {
host := "cors.foo.com"
origin := "http://abc.origin.com:8080"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "http://origin.cors.com:8080, http://*.origin.com:8080",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{origin})
})
ginkgo.It("should not allow - portless origin with wildcard origin", func() {
host := "cors.foo.com"
origin := "http://abc.origin.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "http://origin.cors.com:8080, http://*.origin.com:8080",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
// the client should still receive a response but browsers should block the request
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().NotContainsKey("Access-Control-Allow-Origin")
})
ginkgo.It("should allow correct origins - missing subdomain + origin with wildcard origin and correct origin", func() {
host := "cors.foo.com"
badOrigin := "http://origin.com:8080"
origin := "http://bar.origin.com:8080"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": "http://origin.cors.com:8080, http://*.origin.com:8080",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
// the client should still receive a response but browsers should block the request
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", badOrigin).
Expect().
Headers().NotContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{origin})
})
ginkgo.It("should allow - missing origins (should allow all origins)", func() {
host := "cors.foo.com"
origin := "http://origin.com"
origin2 := "http://book.origin.com"
origin3 := "test.origin.com"
annotations := map[string]string{
"nginx.ingress.kubernetes.io/enable-cors": "true",
"nginx.ingress.kubernetes.io/cors-allow-origin": " ",
}
ing := framework.NewSingleIngress(host, "/", host, f.Namespace, framework.EchoService, 80, annotations)
f.EnsureIngress(ing)
// the client should still receive a response but browsers should block the request
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{"*"})
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin2).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin2).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{"*"})
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin3).
Expect().
Headers().ContainsKey("Access-Control-Allow-Origin")
f.HTTPTestClient().
GET("/").
WithHeader("Host", host).
WithHeader("Origin", origin3).
Expect().
Status(http.StatusOK).Headers().
ValueEqual("Access-Control-Allow-Origin", []string{"*"})
})
Add e2e tests for CORS and more Adds the missing e2e tests for Cross-Origin Resource Sharing(CORS). This will include all the CORS annotations. Also adds more unit tests.
2018-08-30 02:58:40 +00:00
})
Reference in a new issue Copy permalink