]> git.openstreetmap.org Git - rails.git/blob - test/integration/cors_test.rb
projects / rails.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Drop custom CORS rack module
[rails.git] / test / integration / cors_test.rb
1 require "test_helper"
2
3 class CORSTest < ActionDispatch::IntegrationTest
4   def test_api_routes_allow_cross_origin_requests
5     options "/api/capabilities", :headers => {
6       "Origin" => "http://www.example.com",
7       "Access-Control-Request-Method" => "GET"
8     }
9
10     assert_response :success
11     assert_equal "*", response.headers["Access-Control-Allow-Origin"]
12     assert_nil response.headers["Vary"]
13     assert_nil response.media_type
14     assert_equal "", response.body
15
16     get "/api/capabilities", :headers => {
17       "Origin" => "http://www.example.com",
18       "Access-Control-Request-Method" => "GET"
19     }
20
21     assert_response :success
22     assert_equal "*", response.headers["Access-Control-Allow-Origin"]
23     assert_equal "Origin", response.headers["Vary"]
24     assert_equal "application/xml", response.media_type
25   end
26
27   def test_non_api_routes_dont_allow_cross_origin_requests
28     options "/", :headers => {
29       "Origin" => "http://www.example.com",
30       "Access-Control-Request-Method" => "GET"
31     }
32
33     assert_response :success
34     assert_nil response.headers["Access-Control-Allow-Origin"]
35     assert_nil response.media_type
36     assert_equal "", response.body
37
38     get "/", :headers => {
39       "Origin" => "http://www.example.com",
40       "Access-Control-Request-Method" => "GET"
41     }
42
43     assert_response :success
44     assert_nil response.headers["Access-Control-Allow-Origin"]
45     assert_equal "text/html", response.media_type
46   end
47 end
The OpenStreetMap web site