Test that 4xx responses contain CORS headers.

cornice/tests/test_cors.py

@@ -1,4 +1,6 @@
 from pyramid import testing
+from pyramid.exceptions import NotFound
+
 from webtest import TestApp
 
 from cornice.service import Service
@@ -7,8 +9,9 @@
 
 squirel = Service(path='/squirel', name='squirel', cors_origins=('foobar',))
 spam = Service(path='/spam', name='spam', cors_origins=('*',))
-eggs = Service(path='/eggs', name='egg', cors_origins=('*'),
+eggs = Service(path='/eggs', name='egg', cors_origins=('*',),
                cors_expose_all_headers=False)
+bacon = Service(path='/bacon/{type}', name='bacon', cors_origins=('*',))
 
 
 @squirel.get(cors_origins=('notmyidea.org',))
@@ -37,6 +40,20 @@ def moar_spam(request):
     return 'moar spam'
 
 
+def is_bacon_good(request):
+    if not request.matchdict['type'].endswith('good'):
+        request.errors.add('querystring', 'type', 'should be better!')
+
+
+@bacon.get(validators=is_bacon_good)
+def get_some_bacon(request):
+    # if you got here, the only kind of bacon existing is 'good'.
+    if request.matchdict['type'] != 'good':
+        raise NotFound('Not. Found.')
+
+    return "yay"
+
+
 class TestCORS(TestCase):
 
     def setUp(self):
@@ -190,3 +207,13 @@ def test_preflight_headers_arent_case_sensitive(self):
             'Origin': 'notmyidea.org',
             'Access-Control-Request-Method': 'GET',
             'Access-Control-Request-Headers': 'x-my-header', })
+
+    def test_400_return_CORS_headers(self):
+        resp = self.app.get('/bacon/not', status=400,
+                            headers={'Origin': 'notmyidea.org'})
+        self.assertIn('Access-Control-Allow-Origin', resp.headers)
+
+    def test_404_returns_CORS_headers(self):
+        resp = self.app.get('/bacon/notgood', status=404,
+                            headers={'Origin': 'notmyidea.org'})
+        self.assertIn('Access-Control-Allow-Origin', resp.headers)