X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/feb463839301b0b596089e48a981660365d2c4a7..HEAD:/services/api/test/integration/cross_origin_test.rb diff --git a/services/api/test/integration/cross_origin_test.rb b/services/api/test/integration/cross_origin_test.rb index 28c1b81dab..6a3db89fc4 100644 --- a/services/api/test/integration/cross_origin_test.rb +++ b/services/api/test/integration/cross_origin_test.rb @@ -1,29 +1,33 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + require 'test_helper' class CrossOriginTest < ActionDispatch::IntegrationTest - def options *args + def options path, **kwargs # Rails doesn't support OPTIONS the same way as GET, POST, etc. reset! unless integration_session - integration_session.__send__(:process, :options, *args).tap do + integration_session.__send__(:process, :options, path, **kwargs).tap do copy_session_variables! end end %w(/login /logout /auth/example/callback /auth/joshid).each do |path| test "OPTIONS requests are refused at #{path}" do - options path, {}, {} + options path, params: {}, headers: {} assert_no_cors_headers end test "CORS headers do not exist at GET #{path}" do - get path, {}, {} + get path, params: {}, headers: {} assert_no_cors_headers end end %w(/discovery/v1/apis/arvados/v1/rest).each do |path| test "CORS headers are set at GET #{path}" do - get path, {}, {} + get path, params: {}, headers: {} assert_response :success assert_cors_headers end 
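Review bot: The test named "OPTIONS requests are refused at #{path}" still asserts only `assert_no_cors_headers` after the updated `options path, params: {}, headers: {}` call, so a response that succeeds without CORS headers would pass. Either add an `assert_response` with the status the API is meant to return for OPTIONS on these login and callback routes (that status is not visible in this diff), or rename the test to say what it checks, e.g. `test "CORS headers do not exist at OPTIONS #{path}" do`. The `options` helper would also benefit from a comment such as `# Accepts the same keyword arguments as get/post (params:, headers:)`, since it forwards `**kwargs` unchanged to `process`.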
@@ -32,15 +36,15 @@ class CrossOriginTest < ActionDispatch::IntegrationTest ['/arvados/v1/collections', '/arvados/v1/users', '/arvados/v1/api_client_authorizations'].each do |path| - test "CORS headers are set and body is stub at OPTIONS #{path}" do - options path, {}, {} + test "CORS headers are set and body is empty at OPTIONS #{path}" do + options path, params: {}, headers: {} assert_response :success assert_cors_headers - assert_equal '-', response.body + assert_equal '', response.body end test "CORS headers are set at authenticated GET #{path}" do - get path, {}, auth(:active_trustedclient) + get path, params: {}, headers: auth(:active_trustedclient) assert_response :success assert_cors_headers end @@ -51,7 +55,7 @@ class CrossOriginTest < ActionDispatch::IntegrationTest # does not grant access to any resources. ['GET', 'POST'].each do |method| test "Session does not work at #{method} #{path}" do - send method.downcase, path, {format: 'json'}, {user_id: 1} + send method.downcase, path, params: {format: 'json'}, headers: {user_id: 1} assert_response 401 assert_cors_headers end @@ -65,7 +69,7 @@ class CrossOriginTest < ActionDispatch::IntegrationTest %w(GET HEAD POST PUT DELETE).each do |m| assert_includes allowed, m, "A-C-A-Methods should include #{m}" end - assert_equal 'Authorization', response.headers['Access-Control-Allow-Headers'] + assert_equal 'Authorization, Content-Type', response.headers['Access-Control-Allow-Headers'] end def assert_no_cors_headers
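Review bot: The `options path, params: {}, headers: {}` call in the OPTIONS test sends neither `Origin` nor `Access-Control-Request-Method`, so it does not resemble the preflight a browser sends. Passing them, e.g. `headers: {'Origin' => 'https://client.example', 'Access-Control-Request-Method' => 'GET'}` (constructed values), would cover the request shape browsers actually produce. The enclosing `each` block ends outside the hunk.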
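Review bot: `headers: {user_id: 1}` in "Session does not work at #{method} #{path}" does not appear to establish a session. In an integration test this keyword supplies request headers, so the request is simply unauthenticated and `assert_response 401` would pass whether or not cookie sessions are honoured on the CORS-enabled routes. The conversion keeps the meaning of the old third positional argument, so this predates the commit. The test would be stronger if it first obtained a real session cookie through the login flow and then repeated the request; at minimum add a comment such as `# NOTE: user_id is sent as a request header here, not stored in the session`. The enclosing `each` block starts outside the hunk.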
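Review bot: `assert_equal 'Authorization, Content-Type', response.headers['Access-Control-Allow-Headers']` pins order and spacing as well as the allow-list itself. Keeping the list exact is the right check, since an unexpected extra header should fail the test. Comparing parsed values, e.g. `assert_equal %w(Authorization Content-Type), response.headers['Access-Control-Allow-Headers'].split(/\s*,\s*/).sort`, would keep that guarantee without failing on formatting-only changes. The enclosing helper starts outside the hunk.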