X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/dbd88d893f3c3fce9cafd666b94396988646d81f..039b3e1c3226689e72ad4c15e80c2f35b91b87f0:/test/integration/cors_test.rb?ds=sidebyside diff --git a/test/integration/cors_test.rb b/test/integration/cors_test.rb index 05754da71..c35f73d34 100644 --- a/test/integration/cors_test.rb +++ b/test/integration/cors_test.rb @@ -8,15 +8,20 @@ class CORSTest < ActionDispatch::IntegrationTest } assert_response :success - assert_equal "http://www.example.com", response.headers["Access-Control-Allow-Origin"] + assert_equal "*", response.headers["Access-Control-Allow-Origin"] + assert_nil response.media_type + assert_equal "", response.body end def test_non_api_routes_dont_allow_cross_origin_requests - assert_raises ActionController::RoutingError do - process :options, "/", :headers => { - "HTTP_ORIGIN" => "http://www.example.com", - "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET" - } - end + process :options, "/", :headers => { + "HTTP_ORIGIN" => "http://www.example.com", + "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET" + } + + assert_response :success + assert_nil response.headers["Access-Control-Allow-Origin"] + assert_nil response.media_type + assert_equal "", response.body end end