package uk.ac.warwick.util.web.spring.view.json;

import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;

/* loaded from: input_file:uk/ac/warwick/util/web/spring/view/json/SameOriginHostJSONPRequestValidatorTest.class */
public final class SameOriginHostJSONPRequestValidatorTest {
    @Test
    public void noRefererUsesDefault() throws Exception {
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        SameOriginHostJSONPRequestValidator sameOriginHostJSONPRequestValidator = new SameOriginHostJSONPRequestValidator("www2.warwick.ac.uk");
        sameOriginHostJSONPRequestValidator.setValidByDefault(true);
        Assert.assertTrue(sameOriginHostJSONPRequestValidator.isAllow(mockHttpServletRequest));
        sameOriginHostJSONPRequestValidator.setValidByDefault(false);
        Assert.assertFalse(sameOriginHostJSONPRequestValidator.isAllow(mockHttpServletRequest));
    }

    @Test
    public void differentReferer() throws Exception {
        SameOriginHostJSONPRequestValidator sameOriginHostJSONPRequestValidator = new SameOriginHostJSONPRequestValidator("www2.warwick.ac.uk");
        sameOriginHostJSONPRequestValidator.setValidByDefault(false);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("referer", "http://start.warwick.ac.uk/malicious.jsp");
        Assert.assertFalse(sameOriginHostJSONPRequestValidator.isAllow(mockHttpServletRequest));
    }

    @Test
    public void differentRefererWithFullURLConstructor() throws Exception {
        SameOriginHostJSONPRequestValidator sameOriginHostJSONPRequestValidator = new SameOriginHostJSONPRequestValidator("http://www2.warwick.ac.uk/");
        sameOriginHostJSONPRequestValidator.setValidByDefault(false);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("referer", "http://start.warwick.ac.uk/malicious.jsp");
        Assert.assertFalse(sameOriginHostJSONPRequestValidator.isAllow(mockHttpServletRequest));
    }

    @Test
    public void sameHostReferer() throws Exception {
        SameOriginHostJSONPRequestValidator sameOriginHostJSONPRequestValidator = new SameOriginHostJSONPRequestValidator("www2.warwick.ac.uk");
        sameOriginHostJSONPRequestValidator.setValidByDefault(false);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("referer", "http://www2.warwick.ac.uk/nice.jsp");
        Assert.assertTrue(sameOriginHostJSONPRequestValidator.isAllow(mockHttpServletRequest));
    }

    @Test
    public void sameHostRefererWithFullURLConstructor() throws Exception {
        SameOriginHostJSONPRequestValidator sameOriginHostJSONPRequestValidator = new SameOriginHostJSONPRequestValidator("http://www2.warwick.ac.uk/");
        sameOriginHostJSONPRequestValidator.setValidByDefault(false);
        MockHttpServletRequest mockHttpServletRequest = new MockHttpServletRequest();
        mockHttpServletRequest.addHeader("referer", "http://www2.warwick.ac.uk/nice.jsp");
        Assert.assertTrue(sameOriginHostJSONPRequestValidator.isAllow(mockHttpServletRequest));
    }
}
