1 require File.dirname(__FILE__) + '/../test_helper'
3 class CORSTest < ActionDispatch::IntegrationTest
4 # Rails 4 adds a built-in `options` method. When we upgrade, we can remove
6 unless instance_methods.include?(:options)
8 reset! unless integration_session
10 integration_session.send(:process, :options, *args).tap do
11 copy_session_variables!
16 def test_api_routes_allow_cross_origin_requests
17 options "/api/capabilities", nil,
18 'HTTP_ORIGIN' => "http://www.example.com",
19 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET'
21 assert_response :success
22 assert_equal "http://www.example.com", response.headers['Access-Control-Allow-Origin']
25 def test_non_api_routes_dont_allow_cross_origin_requests
26 assert_raises ActionController::RoutingError do
28 'HTTP_ORIGIN' => "http://www.example.com",
29 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET'