test/integration/cors_test.rb

   1 require "test_helper"
   2
   3 class CORSTest < ActionDispatch::IntegrationTest
   4   def test_api_routes_allow_cross_origin_requests
   5     process :options, "/api/capabilities", :headers => {
   6       "HTTP_ORIGIN" => "http://www.example.com",
   7       "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
   8     }
   9
  10     assert_response :success
  11     assert_equal "*", response.headers["Access-Control-Allow-Origin"]
  12     assert_nil response.media_type
  13     assert_equal "", response.body
  14   end
  15
  16   def test_non_api_routes_dont_allow_cross_origin_requests
  17     process :options, "/", :headers => {
  18       "HTTP_ORIGIN" => "http://www.example.com",
  19       "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
  20     }
  21
  22     assert_response :success
  23     assert_nil response.headers["Access-Control-Allow-Origin"]
  24     assert_nil response.media_type
  25     assert_equal "", response.body
  26   end
  27 end