]> git.openstreetmap.org Git - rails.git/blob - test/integration/cors_test.rb
projects / rails.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add frozen_string_literal comments to ruby files
[rails.git] / test / integration / cors_test.rb
1 # frozen_string_literal: true
2
3 require "test_helper"
4
5 class CORSTest < ActionDispatch::IntegrationTest
6   def test_api_routes_allow_cross_origin_requests
7     options "/api/capabilities", :headers => {
8       "Origin" => "http://www.example.com",
9       "Access-Control-Request-Method" => "GET"
10     }
11
12     assert_response :success
13     assert_equal "*", response.headers["Access-Control-Allow-Origin"]
14     assert_nil response.headers["Vary"]
15     assert_nil response.media_type
16     assert_equal "", response.body
17
18     get "/api/capabilities", :headers => {
19       "Origin" => "http://www.example.com",
20       "Access-Control-Request-Method" => "GET"
21     }
22
23     assert_response :success
24     assert_equal "*", response.headers["Access-Control-Allow-Origin"]
25     assert_equal "Origin", response.headers["Vary"]
26     assert_equal "application/xml", response.media_type
27   end
28
29   def test_non_api_routes_dont_allow_cross_origin_requests
30     options "/", :headers => {
31       "Origin" => "http://www.example.com",
32       "Access-Control-Request-Method" => "GET"
33     }
34
35     assert_response :success
36     assert_nil response.headers["Access-Control-Allow-Origin"]
37     assert_nil response.media_type
38     assert_equal "", response.body
39
40     get "/", :headers => {
41       "Origin" => "http://www.example.com",
42       "Access-Control-Request-Method" => "GET"
43     }
44
45     assert_response :success
46     assert_nil response.headers["Access-Control-Allow-Origin"]
47     assert_equal "text/html", response.media_type
48   end
49 end
The OpenStreetMap web site