diff options
Diffstat (limited to 'spec/requests/jira_connect/oauth_application_ids_controller_spec.rb')
| -rw-r--r-- | spec/requests/jira_connect/oauth_application_ids_controller_spec.rb | 34 |
1 files changed, 2 insertions, 32 deletions
diff --git a/spec/requests/jira_connect/oauth_application_ids_controller_spec.rb b/spec/requests/jira_connect/oauth_application_ids_controller_spec.rb index b0c2eaec4e2..1d772e973ff 100644 --- a/spec/requests/jira_connect/oauth_application_ids_controller_spec.rb +++ b/spec/requests/jira_connect/oauth_application_ids_controller_spec.rb @@ -3,42 +3,12 @@ require 'spec_helper' RSpec.describe JiraConnect::OauthApplicationIdsController do - describe 'OPTIONS /-/jira_connect/oauth_application_id' do - before do - stub_application_setting(jira_connect_application_key: '123456') - - options '/-/jira_connect/oauth_application_id', headers: { 'Origin' => 'http://notgitlab.com' } - end - - it 'returns 200' do - expect(response).to have_gitlab_http_status(:ok) - end - - it 'allows cross-origin requests', :aggregate_failures do - expect(response.headers['Access-Control-Allow-Origin']).to eq '*' - expect(response.headers['Access-Control-Allow-Methods']).to eq 'GET, OPTIONS' - expect(response.headers['Access-Control-Allow-Credentials']).to be_nil - end - - context 'on GitLab.com' do - before do - allow(Gitlab).to receive(:com?).and_return(true) - end - - it 'renders not found' do - options '/-/jira_connect/oauth_application_id' - - expect(response).to have_gitlab_http_status(:not_found) - expect(response.headers['Access-Control-Allow-Origin']).not_to eq '*' - end - end - end - describe 'GET /-/jira_connect/oauth_application_id' do let(:cors_request_headers) { { 'Origin' => 'http://notgitlab.com' } } before do stub_application_setting(jira_connect_application_key: '123456') + stub_application_setting(jira_connect_proxy_url: 'https://gitlab.com') end it 'renders the jira connect application id' do @@ -51,7 +21,7 @@ RSpec.describe JiraConnect::OauthApplicationIdsController do it 'allows cross-origin requests', :aggregate_failures do get '/-/jira_connect/oauth_application_id', headers: cors_request_headers - expect(response.headers['Access-Control-Allow-Origin']).to eq '*' + expect(response.headers['Access-Control-Allow-Origin']).to eq 'https://gitlab.com' expect(response.headers['Access-Control-Allow-Methods']).to eq 'GET, OPTIONS' expect(response.headers['Access-Control-Allow-Credentials']).to be_nil end |