From 7535cd05be2a341b2bc63799092fdd87b9a3d7d2 Mon Sep 17 00:00:00 2001
From: Maciej Borzecki <maciej.borzecki@rndity.com>
Date: Wed, 30 Nov 2016 12:28:09 +0100
Subject: [PATCH] rest/cors_test: tests for empty
 Access-Control-Request-Headers in preflight requests

Signed-off-by: Maciej Borzecki <maciej.borzecki@rndity.com>
---
 rest/cors_test.go | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 rest/cors_test.go

diff --git a/rest/cors_test.go b/rest/cors_test.go
new file mode 100644
index 0000000..09bbbc4
--- /dev/null
+++ b/rest/cors_test.go
@@ -0,0 +1,43 @@
+package rest
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/ant0ine/go-json-rest/rest/test"
+)
+
+func TestCorsMiddlewareEmptyAccessControlRequestHeaders(t *testing.T) {
+	api := NewApi()
+
+	// the middleware to test
+	api.Use(&CorsMiddleware{
+		OriginValidator: func(_ string, _ *Request) bool {
+			return true
+		},
+		AllowedMethods: []string{
+			"GET",
+			"POST",
+			"PUT",
+		},
+		AllowedHeaders: []string{
+			"Origin",
+			"Referer",
+		},
+	})
+
+	// wrap all
+	handler := api.MakeHandler()
+
+	req, _ := http.NewRequest("OPTIONS", "http://localhost", nil)
+	req.Header.Set("Origin", "http://another.host")
+	req.Header.Set("Access-Control-Request-Method", "PUT")
+	req.Header.Set("Access-Control-Request-Headers", "")
+
+	recorded := test.RunRequest(t, handler, req)
+	t.Logf("recorded: %+v\n", recorded.Recorder)
+	recorded.CodeIs(200)
+	recorded.HeaderIs("Access-Control-Allow-Methods", "GET,POST,PUT")
+	recorded.HeaderIs("Access-Control-Allow-Headers", "Origin,Referer")
+	recorded.HeaderIs("Access-Control-Allow-Origin", "http://another.host")
+}