e2e: add tests for cors

Author: mnahkies

e2e/src/express.entrypoint.ts

@@ -18,6 +18,12 @@ function createRouter() {
 
 export async function startExpressServer() {
   const {app, server, address} = await bootstrap({
+    cors: {
+      credentials: true,
+      allowedHeaders: ["Authorization", "Content-Type"],
+      methods: ["GET", "OPTIONS"],
+      origin: "http://example.com",
+    },
     router: createRouter(),
   })
 

e2e/src/index.axios.spec.ts

@@ -28,6 +28,35 @@ describe.each(startServerFunctions)(
       server?.close()
     })
 
+    describe("CORS", () => {
+      it("should send the correct CORS headers", async () => {
+        const {headers} = await client.getResponsesEmpty(undefined, {
+          headers: {
+            Origin: "http://e2e.example.com",
+          },
+        })
+        expect(headers).toMatchObject({
+          "access-control-allow-origin": "http://example.com",
+          "access-control-allow-credentials": "true",
+        })
+      })
+      it("should support pre-flight requests", async () => {
+        const {headers} = await client.getResponsesEmpty(undefined, {
+          method: "OPTIONS",
+          headers: {
+            Origin: "http://e2e.example.com",
+            "Access-Control-Request-Method": "POST",
+          },
+        })
+        expect(headers).toMatchObject({
+          "access-control-allow-origin": "http://example.com",
+          "access-control-allow-credentials": "true",
+          "access-control-allow-methods": "GET,OPTIONS",
+          "access-control-allow-headers": "Authorization,Content-Type",
+        })
+      })
+    })
+
     describe("GET /headers/undeclared", () => {
       it("provides the default headers", async () => {
         const {data} = await client.getHeadersUndeclared()

e2e/src/index.fetch.spec.ts

@@ -27,6 +27,35 @@ describe.each(startServerFunctions)(
       server?.close()
     })
 
+    describe("CORS", () => {
+      it("should send the correct CORS headers", async () => {
+        const {headers} = await client.getResponsesEmpty(undefined, {
+          headers: {
+            Origin: "http://e2e.example.com",
+          },
+        })
+        expect(Object.fromEntries(headers)).toMatchObject({
+          "access-control-allow-origin": "http://example.com",
+          "access-control-allow-credentials": "true",
+        })
+      })
+      it("should support pre-flight requests", async () => {
+        const {headers} = await client.getResponsesEmpty(undefined, {
+          method: "OPTIONS",
+          headers: {
+            Origin: "http://e2e.example.com",
+            "Access-Control-Request-Method": "POST",
+          },
+        })
+        expect(Object.fromEntries(headers)).toMatchObject({
+          "access-control-allow-origin": "http://example.com",
+          "access-control-allow-credentials": "true",
+          "access-control-allow-methods": "GET,OPTIONS",
+          "access-control-allow-headers": "Authorization,Content-Type",
+        })
+      })
+    })
+
     describe("GET /headers/undeclared", () => {
       it("provides the default headers", async () => {
         const res = await client.getHeadersUndeclared()

e2e/src/koa.entrypoint.ts

@@ -42,6 +42,12 @@ function createRouter() {
 
 export async function startKoaServer() {
   return await bootstrap({
+    cors: {
+      credentials: true,
+      allowHeaders: ["Authorization", "Content-Type"],
+      allowMethods: ["GET", "OPTIONS"],
+      origin: "http://example.com",
+    },
     router: createRouter(),
   })
 }