Diffstat (limited to 'spec/requests/oauth/tokens_controller_spec.rb')
-rw-r--r-- | spec/requests/oauth/tokens_controller_spec.rb | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/spec/requests/oauth/tokens_controller_spec.rb b/spec/requests/oauth/tokens_controller_spec.rb
index 1967d0ba8b1..3895304dbde 100644
--- a/spec/requests/oauth/tokens_controller_spec.rb
+++ b/spec/requests/oauth/tokens_controller_spec.rb
@@ -6,11 +6,12 @@ RSpec.describe Oauth::TokensController do
 let(:cors_request_headers) { { 'Origin' => 'http://notgitlab.com' } }
 let(:other_headers) { {} }
 let(:headers) { cors_request_headers.merge(other_headers)}
+ let(:allowed_methods) { 'POST, OPTIONS' }
 shared_examples 'cross-origin POST request' do
 it 'allows cross-origin requests' do
 expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
- expect(response.headers['Access-Control-Allow-Methods']).to eq 'POST'
+ expect(response.headers['Access-Control-Allow-Methods']).to eq allowed_methods
 expect(response.headers['Access-Control-Allow-Headers']).to be_nil
 expect(response.headers['Access-Control-Allow-Credentials']).to be_nil
 end
@@ -23,7 +24,7 @@ RSpec.describe Oauth::TokensController do
 it 'allows cross-origin requests' do
 expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
- expect(response.headers['Access-Control-Allow-Methods']).to eq 'POST'
+ expect(response.headers['Access-Control-Allow-Methods']).to eq allowed_methods
 expect(response.headers['Access-Control-Allow-Headers']).to eq 'Authorization'
 expect(response.headers['Access-Control-Allow-Credentials']).to be_nil
 end |
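Review bot: The added `let(:allowed_methods) { 'POST, OPTIONS' }` carries no comment saying why OPTIONS is now expected on an endpoint that answers with `Access-Control-Allow-Origin: *`, and the changed expectation in the second hunk depends on the same value. I would put a comment above the `let`, for example `# OPTIONS is presumably advertised for CORS preflight; origin is wildcarded, so Allow-Credentials must stay nil.` Keep the exact-match `eq` rather than loosening it to `include`, because it also fails if a further method is ever added to the header. Whether an OPTIONS preflight request is itself exercised cannot be seen from these hunks, since the describe block continues outside them; if it is not, a preflight example asserting the same four headers would close the gap.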