X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/7599f98957334d1924550205f7ba12a726de7eb0..b97834f1fd8f5ee299e83b38147da439165dc859:/test/integration/cors_test.rb diff --git a/test/integration/cors_test.rb b/test/integration/cors_test.rb index 827db7c93..c35f73d34 100644 --- a/test/integration/cors_test.rb +++ b/test/integration/cors_test.rb @@ -1,32 +1,27 @@ -require File.dirname(__FILE__) + '/../test_helper' - -class CORSTest < ActionController::IntegrationTest - # Rails 4 adds a built-in `options` method. When we upgrade, we can remove - # this definition. - unless instance_method_names.include?("options") - def options(*args) - reset! unless integration_session - @html_document = nil - integration_session.send(:process, :options, *args).tap do - copy_session_variables! - end - end - end +require "test_helper" +class CORSTest < ActionDispatch::IntegrationTest def test_api_routes_allow_cross_origin_requests - options "/api/capabilities", nil, - 'HTTP_ORIGIN' => "http://www.example.com", - 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET' + process :options, "/api/capabilities", :headers => { + "HTTP_ORIGIN" => "http://www.example.com", + "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET" + } assert_response :success - assert_equal "http://www.example.com", response.headers['Access-Control-Allow-Origin'] + assert_equal "*", response.headers["Access-Control-Allow-Origin"] + assert_nil response.media_type + assert_equal "", response.body end def test_non_api_routes_dont_allow_cross_origin_requests - assert_raises ActionController::RoutingError do - options "/", nil, - 'HTTP_ORIGIN' => "http://www.example.com", - 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET' - end + process :options, "/", :headers => { + "HTTP_ORIGIN" => "http://www.example.com", + "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET" + } + + assert_response :success + assert_nil response.headers["Access-Control-Allow-Origin"] + assert_nil response.media_type + assert_equal "", response.body end end