Aframp-backend/test-cors-security.sh at master · kellymusk/Aframp-backend · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
#!/bin/bash

# Test script for CORS and Security Headers implementation
# Tests the new middleware functionality

echo "🧪 Testing CORS and Security Headers Implementation"
echo "=================================================="

# Server URL (adjust if needed)
SERVER_URL="http://localhost:8000"

echo ""
echo "1. Testing CORS Preflight Request (OPTIONS)"
echo "-------------------------------------------"
curl -i -X OPTIONS \
  -H "Origin: http://localhost:3000" \
  -H "Access-Control-Request-Method: POST" \
  -H "Access-Control-Request-Headers: Content-Type,Authorization" \
  "$SERVER_URL/api/rates"

echo ""
echo ""
echo "2. Testing CORS with Allowed Origin"
echo "-----------------------------------"
curl -i -X GET \
  -H "Origin: http://localhost:3000" \
  "$SERVER_URL/health"

echo ""
echo ""
echo "3. Testing CORS with Disallowed Origin"
echo "--------------------------------------"
curl -i -X GET \
  -H "Origin: https://malicious.com" \
  "$SERVER_URL/health"

echo ""
echo ""
echo "4. Testing Security Headers"
echo "---------------------------"
curl -i -X GET "$SERVER_URL/health" | grep -E "(X-Frame-Options|X-Content-Type-Options|X-XSS-Protection|Content-Security-Policy|Referrer-Policy)"

echo ""
echo ""
echo "5. Testing API Endpoint with CORS"
echo "---------------------------------"
curl -i -X GET \
  -H "Origin: http://localhost:3000" \
  -H "Content-Type: application/json" \
  "$SERVER_URL/api/rates"

echo ""
echo ""
echo "✅ CORS and Security Headers Test Complete"
echo "Check the responses above for:"
echo "- Access-Control-Allow-Origin headers"
echo "- Access-Control-Allow-Methods headers"
echo "- X-Frame-Options: DENY"
echo "- X-Content-Type-Options: nosniff"
echo "- Content-Security-Policy headers"
echo "- Server: Aframp API"