X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/060d38d627bd1e51dd2b3c6e7de9af6aa7d7b6f3..b4b8e120c8ac43a16513079e2ae9f46bcdb9c35d:/services/api/test/integration/cross_origin_test.rb diff --git a/services/api/test/integration/cross_origin_test.rb b/services/api/test/integration/cross_origin_test.rb index 0dd8146bdd..e3099f1573 100644 --- a/services/api/test/integration/cross_origin_test.rb +++ b/services/api/test/integration/cross_origin_test.rb @@ -15,19 +15,19 @@ class CrossOriginTest < ActionDispatch::IntegrationTest %w(/login /logout /auth/example/callback /auth/joshid).each do |path| test "OPTIONS requests are refused at #{path}" do - options path, {}, {} + options path, params: {}, headers: {} assert_no_cors_headers end test "CORS headers do not exist at GET #{path}" do - get path, {}, {} + get path, params: {}, headers: {} assert_no_cors_headers end end %w(/discovery/v1/apis/arvados/v1/rest).each do |path| test "CORS headers are set at GET #{path}" do - get path, {}, {} + get path, params: {}, headers: {} assert_response :success assert_cors_headers end @@ -36,15 +36,15 @@ class CrossOriginTest < ActionDispatch::IntegrationTest ['/arvados/v1/collections', '/arvados/v1/users', '/arvados/v1/api_client_authorizations'].each do |path| - test "CORS headers are set and body is stub at OPTIONS #{path}" do - options path, {}, {} + test "CORS headers are set and body is empty at OPTIONS #{path}" do + options path, params: {}, headers: {} assert_response :success assert_cors_headers - assert_equal '-', response.body + assert_equal '', response.body end test "CORS headers are set at authenticated GET #{path}" do - get path, {}, auth(:active_trustedclient) + get path, params: {}, headers: auth(:active_trustedclient) assert_response :success assert_cors_headers end @@ -55,7 +55,7 @@ class CrossOriginTest < ActionDispatch::IntegrationTest # does not grant access to any resources. ['GET', 'POST'].each do |method| test "Session does not work at #{method} #{path}" do - send method.downcase, path, {format: 'json'}, {user_id: 1} + send method.downcase, path, params: {format: 'json'}, headers: {user_id: 1} assert_response 401 assert_cors_headers end @@ -69,7 +69,7 @@ class CrossOriginTest < ActionDispatch::IntegrationTest %w(GET HEAD POST PUT DELETE).each do |m| assert_includes allowed, m, "A-C-A-Methods should include #{m}" end - assert_equal 'Authorization', response.headers['Access-Control-Allow-Headers'] + assert_equal 'Authorization, Content-Type', response.headers['Access-Control-Allow-Headers'] end def assert_no_cors_headers