]> git.openstreetmap.org Git - rails.git/blobdiff - test/integration/cors_test.rb
Allow administrators to unhide diary entries, if they wish
[rails.git] / test / integration / cors_test.rb
index 827db7c93f81af1e79a007d468e38177c3916786..82e8346469cff7828e221fff90faada2164a8e12 100644 (file)
@@ -1,32 +1,27 @@
-require File.dirname(__FILE__) + '/../test_helper'
-
-class CORSTest < ActionController::IntegrationTest
-  # Rails 4 adds a built-in `options` method. When we upgrade, we can remove
-  # this definition.
-  unless instance_method_names.include?("options")
-    def options(*args)
-      reset! unless integration_session
-      @html_document = nil
-      integration_session.send(:process, :options, *args).tap do
-        copy_session_variables!
-      end
-    end
-  end
+require "test_helper"
 
 
+class CORSTest < ActionDispatch::IntegrationTest
   def test_api_routes_allow_cross_origin_requests
   def test_api_routes_allow_cross_origin_requests
-    options "/api/capabilities", nil,
-            'HTTP_ORIGIN' => "http://www.example.com",
-            'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET'
+    process :options, "/api/capabilities", :headers => {
+      "HTTP_ORIGIN" => "http://www.example.com",
+      "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
+    }
 
     assert_response :success
 
     assert_response :success
-    assert_equal "http://www.example.com", response.headers['Access-Control-Allow-Origin']
+    assert_equal "*", response.headers["Access-Control-Allow-Origin"]
+    assert_nil response.content_type
+    assert_equal "", response.body
   end
 
   def test_non_api_routes_dont_allow_cross_origin_requests
   end
 
   def test_non_api_routes_dont_allow_cross_origin_requests
-    assert_raises ActionController::RoutingError do
-      options "/", nil,
-              'HTTP_ORIGIN' => "http://www.example.com",
-              'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET'
-    end
+    process :options, "/", :headers => {
+      "HTTP_ORIGIN" => "http://www.example.com",
+      "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
+    }
+
+    assert_response :success
+    assert_nil response.headers["Access-Control-Allow-Origin"]
+    assert_nil response.content_type
+    assert_equal "", response.body
   end
 end
   end
 end