diff options
author | Theron Luhn <theron@luhn.com> | 2021-11-16 22:40:49 -0800 |
---|---|---|
committer | Asif Saif Uddin <auvipy@gmail.com> | 2021-12-13 11:32:59 +0600 |
commit | 6db69014898e2095cf165be0faab4f99178896b6 (patch) | |
tree | 1134e0fa1838553e35cdc2d5aaecdce78f499d6b | |
parent | 55ce48b7218ee25794822141c5844eec4a0ff8d9 (diff) | |
download | oauthlib-6db69014898e2095cf165be0faab4f99178896b6.tar.gz |
Add `Access-Control-Allow-Origin` header to metadata endpoint.
-rw-r--r-- | oauthlib/oauth2/rfc6749/endpoints/metadata.py | 3 | ||||
-rw-r--r-- | tests/oauth2/rfc6749/endpoints/test_metadata.py | 15 |
2 files changed, 17 insertions, 1 deletions
diff --git a/oauthlib/oauth2/rfc6749/endpoints/metadata.py b/oauthlib/oauth2/rfc6749/endpoints/metadata.py index 81ee1de..d43a824 100644 --- a/oauthlib/oauth2/rfc6749/endpoints/metadata.py +++ b/oauthlib/oauth2/rfc6749/endpoints/metadata.py @@ -54,7 +54,8 @@ class MetadataEndpoint(BaseEndpoint): """Create metadata response """ headers = { - 'Content-Type': 'application/json' + 'Content-Type': 'application/json', + 'Access-Control-Allow-Origin': '*', } return headers, json.dumps(self.claims), 200 diff --git a/tests/oauth2/rfc6749/endpoints/test_metadata.py b/tests/oauth2/rfc6749/endpoints/test_metadata.py index 681119a..d93f849 100644 --- a/tests/oauth2/rfc6749/endpoints/test_metadata.py +++ b/tests/oauth2/rfc6749/endpoints/test_metadata.py @@ -1,6 +1,7 @@ # -*- coding: utf-8 -*- from oauthlib.oauth2 import MetadataEndpoint, Server, TokenEndpoint +import json from tests.unittest import TestCase @@ -37,6 +38,20 @@ class MetadataEndpointTest(TestCase): self.maxDiff = None self.assertEqual(openid_claims, oauth2_claims) + def test_create_metadata_response(self): + endpoint = TokenEndpoint(None, None, grant_types={"password": None}) + metadata = MetadataEndpoint([endpoint], { + "issuer": 'https://foo.bar', + "token_endpoint": "https://foo.bar/token" + }) + headers, body, status = metadata.create_metadata_response('/', 'GET') + assert headers == { + 'Content-Type': 'application/json', + 'Access-Control-Allow-Origin': '*', + } + claims = json.loads(body) + assert claims['issuer'] == 'https://foo.bar' + def test_token_endpoint(self): endpoint = TokenEndpoint(None, None, grant_types={"password": None}) metadata = MetadataEndpoint([endpoint], { |