]> git.openstreetmap.org Git - rails.git/blob - test/integration/cors_test.rb
Merge remote-tracking branch 'upstream/pull/4226'
[rails.git] / test / integration / cors_test.rb
1 require "test_helper"
2
3 class CORSTest < ActionDispatch::IntegrationTest
4   def test_api_routes_allow_cross_origin_requests
5     process :options, "/api/capabilities", :headers => {
6       "HTTP_ORIGIN" => "http://www.example.com",
7       "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
8     }
9
10     assert_response :success
11     assert_equal "*", response.headers["Access-Control-Allow-Origin"]
12     assert_nil response.media_type
13     assert_equal "", response.body
14   end
15
16   def test_non_api_routes_dont_allow_cross_origin_requests
17     process :options, "/", :headers => {
18       "HTTP_ORIGIN" => "http://www.example.com",
19       "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
20     }
21
22     assert_response :success
23     assert_nil response.headers["Access-Control-Allow-Origin"]
24     assert_nil response.media_type
25     assert_equal "", response.body
26   end
27 end