Drop custom CORS rack module

[rails.git] / test / integration / cors_test.rb

diff --git a/test/integration/cors_test.rb b/test/integration/cors_test.rb
index 88201231befe300fe33a74da63e89fdec178dd29..0c17ecfd388eca73a542edf5f469ad863407cfb8 100644 (file)
--- a/test/integration/cors_test.rb
+++ b/test/integration/cors_test.rb
@@ -2,19 +2,30 @@ require "test_helper"
 
 class CORSTest < ActionDispatch::IntegrationTest
   def test_api_routes_allow_cross_origin_requests
-    process :options, "/api/capabilities", :headers => {
+    options "/api/capabilities", :headers => {
       "Origin" => "http://www.example.com",
       "Access-Control-Request-Method" => "GET"
     }
 
     assert_response :success
     assert_equal "*", response.headers["Access-Control-Allow-Origin"]
+    assert_nil response.headers["Vary"]
     assert_nil response.media_type
     assert_equal "", response.body
+
+    get "/api/capabilities", :headers => {
+      "Origin" => "http://www.example.com",
+      "Access-Control-Request-Method" => "GET"
+    }
+
+    assert_response :success
+    assert_equal "*", response.headers["Access-Control-Allow-Origin"]
+    assert_equal "Origin", response.headers["Vary"]
+    assert_equal "application/xml", response.media_type
   end
 
   def test_non_api_routes_dont_allow_cross_origin_requests
-    process :options, "/", :headers => {
+    options "/", :headers => {
       "Origin" => "http://www.example.com",
       "Access-Control-Request-Method" => "GET"
     }
@@ -23,5 +34,14 @@ class CORSTest < ActionDispatch::IntegrationTest
     assert_nil response.headers["Access-Control-Allow-Origin"]
     assert_nil response.media_type
     assert_equal "", response.body
+
+    get "/", :headers => {
+      "Origin" => "http://www.example.com",
+      "Access-Control-Request-Method" => "GET"
+    }
+
+    assert_response :success
+    assert_nil response.headers["Access-Control-Allow-Origin"]
+    assert_equal "text/html", response.media_type
   end
 end