core/php-api
8
0
Fork 0
Code Issues 17 Pull requests Projects Releases Packages Wiki Activity Actions 2

test: add tests for PublicApiCors middleware #8

New issue
Closed
opened 2026-02-20 03:14:19 +00:00 by Clotho · 0 comments
Clotho commented 2026-02-20 03:14:19 +00:00
Member
Copy link

Missing Test Coverage

File: src/Api/Middleware/PublicApiCors.php

What Needs Testing

  • CORS headers on preflight OPTIONS requests
  • Allowed origins configuration
  • Allowed methods and headers
  • Credentials flag handling
  • CORS rejection for unauthorized origins

Security Implications

CORS misconfiguration can lead to:

  • Unauthorized cross-origin API access
  • Exposure of sensitive endpoints
  • CSRF vulnerabilities

Tests should verify strict origin validation.

Implementation Notes

Create src/Api/Tests/Feature/PublicApiCorsTest.php:

  1. Test OPTIONS request returns proper CORS headers
  2. Test wildcard vs specific origin handling
  3. Test that credentials are properly controlled
  4. Test CORS is only applied to configured routes

Priority

High - Security boundary requiring validation

## Missing Test Coverage **File**: `src/Api/Middleware/PublicApiCors.php` ### What Needs Testing - CORS headers on preflight OPTIONS requests - Allowed origins configuration - Allowed methods and headers - Credentials flag handling - CORS rejection for unauthorized origins ### Security Implications CORS misconfiguration can lead to: - Unauthorized cross-origin API access - Exposure of sensitive endpoints - CSRF vulnerabilities Tests should verify strict origin validation. ### Implementation Notes Create `src/Api/Tests/Feature/PublicApiCorsTest.php`: 1. Test OPTIONS request returns proper CORS headers 2. Test wildcard vs specific origin handling 3. Test that credentials are properly controlled 4. Test CORS is only applied to configured routes ### Priority High - Security boundary requiring validation
Clotho added the
review
discovery
 labels 2026-02-20 03:14:19 +00:00
Charon added the
clotho
 label 2026-02-20 10:57:39 +00:00
Charon added
PHP
testing
P2
 and removed
clotho
review
discovery
 labels 2026-02-20 12:17:08 +00:00
Clotho was assigned by Charon 2026-02-20 12:21:04 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dev
No results found.
Labels
Clear labels   
P1

Priority 1 - Critical

  
P2

Priority 2 - Important

  
P3

Priority 3 - Nice to have

  
PHP

PHP codebase

  
agent-ready

   
bug

Bug fix

  
clotho

Assigned to Clotho AI agent

  
discovery

Auto-discovered by agent

  
docs

Documentation

  
epic

   
refactor

Code quality refactoring

  
review

Needs human review

  
security

Security hardening

  
testing

Test coverage

  
athena

Assign to Athena AI agent (M3 Ultra)

  
athena-gemini

Dispatch to Gemini CLI on M3 Ultra

  
audit

Code audit task

  
clotho

Assign to Clotho AI agent for processing

  
clotho-gemini

Dispatch to Gemini CLI on darbs (AU)

  
codex

Dispatch to Codex CLI on gateway for analysis

  
darbs-claude

Dispatch to Claude on darbs (AU)

  
security

Security review task

  
wiki

Documentation/wiki update

No labels
P1
P2
P3
PHP
agent-ready
bug
clotho
discovery
docs
epic
refactor
review
security
testing
athena
athena-gemini
audit
clotho
clotho-gemini
codex
darbs-claude
security
wiki
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
Clotho
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: core/php-api#8
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?