X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/f2d13c075660efb9582d7fb600bd6798d7a382ca..43ce6e68c09cdb4e66a7af9849e36c9406d2eb05:/test/integration/cors_test.rb?ds=inline
diff --git a/test/integration/cors_test.rb b/test/integration/cors_test.rb
index f3581f6a2..c35f73d34 100644
--- a/test/integration/cors_test.rb
+++ b/test/integration/cors_test.rb
@@ -1,32 +1,27 @@
-require 'test_helper'
+require "test_helper"
class CORSTest < ActionDispatch::IntegrationTest
- # Rails 4 adds a built-in `options` method. When we upgrade, we can remove
- # this definition.
- unless instance_methods.include?(:options)
- def options(*args)
- reset! unless integration_session
- @html_document = nil
- integration_session.send(:process, :options, *args).tap do
- copy_session_variables!
- end
- end
- end
-
def test_api_routes_allow_cross_origin_requests
- options "/api/capabilities", nil,
- 'HTTP_ORIGIN' => "http://www.example.com",
- 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET'
+ process :options, "/api/capabilities", :headers => {
+ "HTTP_ORIGIN" => "http://www.example.com",
+ "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
+ }
assert_response :success
- assert_equal "http://www.example.com", response.headers['Access-Control-Allow-Origin']
+ assert_equal "*", response.headers["Access-Control-Allow-Origin"]
+ assert_nil response.media_type
+ assert_equal "", response.body
end
def test_non_api_routes_dont_allow_cross_origin_requests
- assert_raises ActionController::RoutingError do
- options "/", nil,
- 'HTTP_ORIGIN' => "http://www.example.com",
- 'HTTP_ACCESS_CONTROL_REQUEST_METHOD' => 'GET'
- end
+ process :options, "/", :headers => {
+ "HTTP_ORIGIN" => "http://www.example.com",
+ "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET"
+ }
+
+ assert_response :success
+ assert_nil response.headers["Access-Control-Allow-Origin"]
+ assert_nil response.media_type
+ assert_equal "", response.body
end
end