e2e: add cors forbidden origin case (#187)

Signed-off-by: bitliu <bitliu@tencent.com>
2026-05-27 22:27:29 +08:00 · 2023-02-15 10:06:27 +08:00
parent e0807dce0b
commit 56e805f768
2 changed files with 22 additions and 2 deletions
--- a/test/ingress/conformance/tests/httproute-enable-cors.go
+++ b/test/ingress/conformance/tests/httproute-enable-cors.go
@@ -73,7 +73,7 @@ var HTTPRouteEnableCors = suite.ConformanceTest{
 				},
 			}, {
 				Meta: http.AssertionMeta{
-					TestCaseName:    "case3: enable cors and allow headers",
+					TestCaseName:    "case3: enable cors and allow origin headers",
 					TargetBackend:   "infra-backend-v3",
 					TargetNamespace: "higress-conformance-infra",
 				},
@@ -91,6 +91,26 @@ var HTTPRouteEnableCors = suite.ConformanceTest{
 						Headers:    map[string]string{"Access-Control-Allow-Credentials": "true", "Access-Control-Allow-Origin": "http://bar.com", "Access-Control-Expose-Headers": "*"},
 					},
 				},
+			}, {
+				Meta: http.AssertionMeta{
+					TestCaseName:    "case4: enable cors and use forbidden Origin",
+					TargetBackend:   "infra-backend-v3",
+					TargetNamespace: "higress-conformance-infra",
+				},
+				Request: http.AssertionRequest{
+					ActualRequest: http.Request{
+						Path:    "/foo",
+						Host:    "foo3.com",
+						Method:  "OPTIONS",
+						Headers: map[string]string{"Origin": "http://foo.com"},
+					},
+				},
+				Response: http.AssertionResponse{
+					ExpectedResponse: http.Response{
+						StatusCode:    200,
+						AbsentHeaders: []string{"Access-Control-Allow-Credentials", "Access-Control-Allow-Origin", "Access-Control-Expose-Headers"},
+					},
+				},
 			},
 		}