Medplum

Official

Overview Schema Related Servers Score Discussions

cors.test.ts•2.8 kB

// SPDX-FileCopyrightText: Copyright Orangebot, Inc. and Medplum contributors // SPDX-License-Identifier: Apache-2.0 import type { Request } from 'express'; import { getConfig, loadTestConfig } from './config/loader'; import { corsOptions } from './cors'; describe('CORS', () => { beforeEach(async () => { await loadTestConfig(); }); test('Root', () => { const req = { header: () => undefined, path: '/', } as unknown as Request; const callback = jest.fn(); corsOptions(req, callback); expect(callback).toHaveBeenCalledWith(null, { origin: false }); }); test('No Origin', () => { const req = { header: () => undefined, path: '/fhir/R4/Patient', } as unknown as Request; const callback = jest.fn(); corsOptions(req, callback); expect(callback).toHaveBeenCalledWith(null, { origin: false }); }); test('Allow appBaseUrl', () => { const req = { header: () => 'http://localhost:3000', path: '/fhir/R4/Patient', } as unknown as Request; const callback = jest.fn(); corsOptions(req, callback); expect(callback).toHaveBeenCalledWith( null, expect.objectContaining({ credentials: true, origin: 'http://localhost:3000' }) ); }); test('Open', () => { getConfig().allowedOrigins = '*'; const req = { header: () => 'https://example.com', path: '/fhir/R4/Patient', } as unknown as Request; const callback = jest.fn(); corsOptions(req, callback); expect(callback).toHaveBeenCalledWith( null, expect.objectContaining({ credentials: true, origin: 'https://example.com' }) ); }); test('Closed', () => { getConfig().allowedOrigins = undefined; const req = { header: () => 'https://example.com', path: '/fhir/R4/Patient', } as unknown as Request; const callback = jest.fn(); corsOptions(req, callback); expect(callback).toHaveBeenCalledWith(null, { origin: false }); }); test('Allowed origins ', () => { getConfig().allowedOrigins = 'https://abc.com,https://example.com'; const req = { header: () => 'https://example.com', path: '/fhir/R4/Patient', } as unknown as Request; const callback = jest.fn(); corsOptions(req, callback); expect(callback).toHaveBeenCalledWith( null, expect.objectContaining({ credentials: true, origin: 'https://example.com' }) ); }); test('Disallowed origins ', () => { getConfig().allowedOrigins = 'https://abc.com,https://def.com'; const req = { header: () => 'https://example.com', path: '/fhir/R4/Patient', } as unknown as Request; const callback = jest.fn(); corsOptions(req, callback); expect(callback).toHaveBeenCalledWith(null, { origin: false }); }); });

Latest Blog Posts

What Is Context Bloat in MCP?
By Om-Shree-0709 on December 16, 2025.
mcp
Context Bloat
MCP Moves to the Linux Foundation: Neutral Stewardship for Agentic Infrastructure
By Om-Shree-0709 on December 15, 2025.
mcp
anthropic
Linux Foundation
Code Execution with MCP: Architecting Agentic Efficiency
By Om-Shree-0709 on December 14, 2025.
mcp
Token bloat

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/medplum/medplum'

If you have feedback or need assistance with the MCP directory API, please join our Discord server