Add SetIsOriginAllowedToAllowWildcardSubdomains_DoesNotAllowRootDomain test (#23001)

kendaleiv · web-flow · commit 28ed208022b8 · 2020-06-17T06:22:20.000-07:00
This test makes it clear root domains are not included in CORS subdomain wildcards
diff --git a/src/Middleware/CORS/test/UnitTests/CorsPolicyBuilderTests.cs b/src/Middleware/CORS/test/UnitTests/CorsPolicyBuilderTests.cs
@@ -205,6 +205,20 @@ public void SetIsOriginAllowedToAllowWildcardSubdomains_AllowsWildcardSubdomains
             Assert.True(corsPolicy.IsOriginAllowed("http://test.example.com"));
         }
 
+        [Fact]
+        public void SetIsOriginAllowedToAllowWildcardSubdomains_DoesNotAllowRootDomain()
+        {
+            // Arrange
+            var builder = new CorsPolicyBuilder("http://*.example.com");
+
+            // Act
+            builder.SetIsOriginAllowedToAllowWildcardSubdomains();
+
+            // Assert
+            var corsPolicy = builder.Build();
+            Assert.False(corsPolicy.IsOriginAllowed("http://example.com"));
+        }
+
         [Fact]
         public void WithMethods_AddsMethods()
         {
