]> git.openstreetmap.org Git - rails.git/blob - test/integration/cors_test.rb
b1323c8194849bcc40ba2ed491acc290a23223ee
[rails.git] / test / integration / cors_test.rb
1 require File.dirname(__FILE__) + '/../test_helper'
2
3 class CORSTest < ActionController::IntegrationTest
4   # Rails 4 adds a built-in `options` method. When we upgrade, we can remove
5   # this definition.
6   unless instance_methods.include?(:options)
7     def options(*args)
8       reset! unless integration_session
9       @html_document = nil
10       integration_session.send(:process, :options, *args).tap do
11         copy_session_variables!
12       end
13     end
14   end
15
16   def test_api_routes_allow_cross_origin_requests
17     options "/api/capabilities", nil,
18             'HTTP_ORIGIN' => "http://www.example.com",
19             'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET'
20
21     assert_response :success
22     assert_equal "http://www.example.com", response.headers['Access-Control-Allow-Origin']
23   end
24
25   def test_non_api_routes_dont_allow_cross_origin_requests
26     assert_raises ActionController::RoutingError do
27       options "/", nil,
28               'HTTP_ORIGIN' => "http://www.example.com",
29               'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET'
30     end
31   end
32 end