@@ -220,12 +220,12 @@ def test_cors_default_configuration() -> None:
220220 cfg = CORSConfiguration ()
221221 assert cfg is not None
222222 assert cfg .allow_origins == ["*" ]
223- assert cfg .allow_credentials is True
223+ assert cfg .allow_credentials is False
224224 assert cfg .allow_methods == ["*" ]
225225 assert cfg .allow_headers == ["*" ]
226226
227227
228- def test_cors_custom_configuration () -> None :
228+ def test_cors_custom_configuration_v1 () -> None :
229229 """Test the CORS configuration."""
230230 cfg = CORSConfiguration (
231231 allow_origins = ["foo_origin" , "bar_origin" , "baz_origin" ],
@@ -240,6 +240,54 @@ def test_cors_custom_configuration() -> None:
240240 assert cfg .allow_headers == ["foo_header" , "bar_header" , "baz_header" ]
241241
242242
243+ def test_cors_custom_configuration_v2 () -> None :
244+ """Test the CORS configuration."""
245+ cfg = CORSConfiguration (
246+ allow_origins = ["foo_origin" , "bar_origin" , "baz_origin" ],
247+ allow_credentials = True ,
248+ allow_methods = ["foo_method" , "bar_method" , "baz_method" ],
249+ allow_headers = ["foo_header" , "bar_header" , "baz_header" ],
250+ )
251+ assert cfg is not None
252+ assert cfg .allow_origins == ["foo_origin" , "bar_origin" , "baz_origin" ]
253+ assert cfg .allow_credentials is True
254+ assert cfg .allow_methods == ["foo_method" , "bar_method" , "baz_method" ]
255+ assert cfg .allow_headers == ["foo_header" , "bar_header" , "baz_header" ]
256+
257+
258+ def test_cors_custom_configuration_v3 () -> None :
259+ """Test the CORS configuration."""
260+ cfg = CORSConfiguration (
261+ allow_origins = ["*" ],
262+ allow_credentials = False ,
263+ allow_methods = ["foo_method" , "bar_method" , "baz_method" ],
264+ allow_headers = ["foo_header" , "bar_header" , "baz_header" ],
265+ )
266+ assert cfg is not None
267+ assert cfg .allow_origins == ["*" ]
268+ assert cfg .allow_credentials is False
269+ assert cfg .allow_methods == ["foo_method" , "bar_method" , "baz_method" ]
270+ assert cfg .allow_headers == ["foo_header" , "bar_header" , "baz_header" ]
271+
272+
273+ def test_cors_improper_configuration () -> None :
274+ """Test the CORS configuration."""
275+ expected = (
276+ "Value error, Invalid CORS configuration: "
277+ + "allow_credentials can not be set to true when allow origins contains '\\ *' wildcard."
278+ + "Use explicit origins or disable credential."
279+ )
280+
281+ with pytest .raises (ValueError , match = expected ):
282+ # allow_credentials can not be true when allow_origins contains '*'
283+ CORSConfiguration (
284+ allow_origins = ["*" ],
285+ allow_credentials = True ,
286+ allow_methods = ["foo_method" , "bar_method" , "baz_method" ],
287+ allow_headers = ["foo_header" , "bar_header" , "baz_header" ],
288+ )
289+
290+
243291def test_tls_configuration () -> None :
244292 """Test the TLS configuration."""
245293 cfg = TLSConfiguration (
0 commit comments