feat(backend/oauth): allow CORS for token endpoint (#12814)

* feat(backend/oauth): allow CORS for token endpoint

* no need to explicitly set origin to `*`

* Update CHANGELOG.md
Kagami Sascha Rosylight 2023-12-27 07:10:24 +01:00 committed by GitHub
parent c96bc36fed
commit ad346b6f36
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 242 additions and 48 deletions


@ -941,4 +941,24 @@ describe('OAuth', () => {
const response = await fetch(new URL('/oauth/foo', host));
assert.strictEqual(response.status, 404);
});
describe('CORS', () => {
test('Token endpoint should support CORS', async () => {
const response = await fetch(new URL('/oauth/token', host), { method: 'POST' });
assert.ok(!response.ok);
assert.strictEqual(response.headers.get('Access-Control-Allow-Origin'), '*');
});
test('Authorize endpoint should not support CORS', async () => {
const response = await fetch(new URL('/oauth/authorize', host), { method: 'GET' });
assert.ok(!response.ok);
assert.ok(!response.headers.has('Access-Control-Allow-Origin'));
});
test('Decision endpoint should not support CORS', async () => {
const response = await fetch(new URL('/oauth/decision', host), { method: 'POST' });
assert.ok(!response.ok);
assert.ok(!response.headers.has('Access-Control-Allow-Origin'));
});
});
});
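Review bot: The two negative tests (authorize and decision) send no `Origin` request header, so they could pass vacuously if the CORS layer only emits its headers for requests that carry one; adding `headers: { Origin: 'https://client.example' }` (a constructed value) to those `fetch` calls would make the absence of `Access-Control-Allow-Origin` a real assertion. The token-endpoint test pins the wildcard origin but not the absence of credentialed CORS, and `assert.ok(!response.headers.has('Access-Control-Allow-Credentials'));` after the `'*'` check would stop a later configuration change from making the token endpoint reachable with cookies from any origin. A preflight (`OPTIONS`) request to `/oauth/token` is also untested, which matters if clients send an `Authorization` header or a JSON body; whether the endpoint accepts those is not visible in this hunk.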