Add CORSMethodMiddleware (#366)

CORSMethodMiddleware sets the Access-Control-Allow-Methods response header on a request, by matching routes based only on paths. It also handles OPTIONS requests, by settings Access-Control-Allow-Methods, and then returning without calling the next HTTP handler.
2018-05-11 18:30:14 -07:00
parent ded0c29b24
commit 5e55a4adb8
3 changed files with 92 additions and 1 deletions
--- a/middleware_test.go
+++ b/middleware_test.go
@@ -3,6 +3,7 @@ package mux
 import (
 	"bytes"
 	"net/http"
+	"net/http/httptest"
 	"testing"
 )

@@ -334,3 +335,43 @@ func TestMiddlewareMethodMismatchSubrouter(t *testing.T) {
 		t.Fatal("Middleware was called for a method mismatch")
 	}
 }
+
+func TestCORSMethodMiddleware(t *testing.T) {
+	router := NewRouter()
+
+	cases := []struct {
+		path                   string
+		response               string
+		method                 string
+		testURL                string
+		expectedAllowedMethods string
+	}{
+		{"/g/{o}", "a", "POST", "/g/asdf", "POST,PUT,GET,OPTIONS"},
+		{"/g/{o}", "b", "PUT", "/g/bla", "POST,PUT,GET,OPTIONS"},
+		{"/g/{o}", "c", "GET", "/g/orilla", "POST,PUT,GET,OPTIONS"},
+		{"/g", "d", "POST", "/g", "POST,OPTIONS"},
+	}
+
+	for _, tt := range cases {
+		router.HandleFunc(tt.path, stringHandler(tt.response)).Methods(tt.method)
+	}
+
+	router.Use(CORSMethodMiddleware(router))
+
+	for _, tt := range cases {
+		rr := httptest.NewRecorder()
+		req := newRequest(tt.method, tt.testURL)
+
+		router.ServeHTTP(rr, req)
+
+		if rr.Body.String() != tt.response {
+			t.Errorf("Expected body '%s', found '%s'", tt.response, rr.Body.String())
+		}
+
+		allowedMethods := rr.HeaderMap.Get("Access-Control-Allow-Methods")
+
+		if allowedMethods != tt.expectedAllowedMethods {
+			t.Errorf("Expected Access-Control-Allow-Methods '%s', found '%s'", tt.expectedAllowedMethods, allowedMethods)
+		}
+	}
+}