fix cors and cors unittests, fix #324

2 files changed, 37 insertions, 5 deletions

diff --git a/tests/unit/external/NewsAPITest.php b/tests/unit/external/NewsAPITest.php
index 2bc649c1c..9a319a378 100644
--- a/tests/unit/external/NewsAPITest.php
+++ b/tests/unit/external/NewsAPITest.php
@@ -25,6 +25,7 @@
 
 namespace OCA\News\External;
 
+use \OCA\AppFramework\Http\Request;
 use \OCA\AppFramework\Http\JSONResponse;
 use \OCA\AppFramework\Utility\ControllerTestUtility;
 
@@ -99,6 +100,8 @@ class NewsAPITest extends ControllerTestUtility {
 
 
 	public function testCors() {
+		$this->request = new Request(array('server' => array()));
+		$this->newsAPI = new NewsAPI($this->api, $this->request, $this->updater);
 		$response = $this->newsAPI->cors();
 
 		$headers = $response->getHeaders();
@@ -106,9 +109,20 @@ class NewsAPITest extends ControllerTestUtility {
 		$this->assertEquals('*', $headers['Access-Control-Allow-Origin']);
 		$this->assertEquals('PUT, POST, GET, DELETE', $headers['Access-Control-Allow-Methods']);
 		$this->assertEquals('true', $headers['Access-Control-Allow-Credentials']);
-		$this->assertEquals('Authorization', $headers['Access-Control-Allow-Headers']);
+		$this->assertEquals('Authorization, Content-Type', $headers['Access-Control-Allow-Headers']);
 		$this->assertEquals('1728000', $headers['Access-Control-Max-Age']);
 	}
 
 
+	public function testCorsUsesOriginIfGiven() {
+		$this->request = new Request(array('server' => array('Origin' => 'test')));
+		$this->newsAPI = new NewsAPI($this->api, $this->request, $this->updater);
+		$response = $this->newsAPI->cors();
+
+		$headers = $response->getHeaders();
+
+		$this->assertEquals('test', $headers['Access-Control-Allow-Origin']);
+	}
+
+
 }
diff --git a/tests/unit/middleware/CORSMiddlewareTest.php b/tests/unit/middleware/CORSMiddlewareTest.php
index bccd79f1d..59d1cc415 100644
--- a/tests/unit/middleware/CORSMiddlewareTest.php
+++ b/tests/unit/middleware/CORSMiddlewareTest.php
@@ -24,9 +24,9 @@
 
 namespace OCA\News\Middleware;
 
+use OCA\AppFramework\Http\Request;
 use OCA\AppFramework\Http\Response;
 
-
 require_once(__DIR__ . "/../../classloader.php");
 
 
@@ -37,18 +37,22 @@ class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
 	 * @API
 	 */
 	public function testSetCORSAPIHeader() {
-		$middleware = new CORSMiddleware();
+		$request = new Request(
+			array('server' => array('Origin' => 'test'))
+		);
+		$middleware = new CORSMiddleware($request);
 		$response = $middleware->afterController('\OCA\News\Middleware\CORSMiddlewareTest',
 			'testSetCORSAPIHeader',
 			new Response());
 		$headers = $response->getHeaders();
 
-		$this->assertEquals('*', $headers['Access-Control-Allow-Origin']);
+		$this->assertEquals('test', $headers['Access-Control-Allow-Origin']);
 	}
 
 
 	public function testNoAPINoCORSHEADER() {
-		$middleware = new CORSMiddleware();
+		$request = new Request();
+		$middleware = new CORSMiddleware($request);
 		$response = $middleware->afterController('\OCA\News\Middleware\CORSMiddlewareTest',
 			'testNoAPINoCORSHEADER',
 			new Response());
@@ -56,4 +60,18 @@ class CORSMiddlewareTest extends \PHPUnit_Framework_TestCase {
 		$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));
 	}
 
+
+	/**
+	 * @API
+	 */
+	public function testNoOriginHeaderNoCORSHEADER() {
+		$request = new Request();
+		$middleware = new CORSMiddleware($request);
+		$response = $middleware->afterController('\OCA\News\Middleware\CORSMiddlewareTest',
+			'testNoOriginHeaderNoCORSHEADER',
+			new Response());
+		$headers = $response->getHeaders();
+		$this->assertFalse(array_key_exists('Access-Control-Allow-Origin', $headers));
+	}
+
 }