3 class CORSTest < ActionDispatch::IntegrationTest
4 def test_api_routes_allow_cross_origin_requests
5 process :options, "/api/capabilities", :headers => {
6 "HTTP_ORIGIN" => "http://www.example.com",
7 "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
10 assert_response :success
11 assert_equal "*", response.headers["Access-Control-Allow-Origin"]
12 assert_equal "text/plain", response.content_type
13 assert_equal "", response.body
16 def test_non_api_routes_dont_allow_cross_origin_requests
17 process :options, "/", :headers => {
18 "HTTP_ORIGIN" => "http://www.example.com",
19 "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
22 assert_response :success
23 assert_nil response.headers["Access-Control-Allow-Origin"]
24 assert_nil response.content_type
25 assert_equal "", response.body