
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'spec/requests/oauth/tokens_controller_spec.rb')
-rw-r--r--spec/requests/oauth/tokens_controller_spec.rb7
1 files changed, 4 insertions, 3 deletions
diff --git a/spec/requests/oauth/tokens_controller_spec.rb b/spec/requests/oauth/tokens_controller_spec.rb
index e4cb28cc42b..507489d92cf 100644
--- a/spec/requests/oauth/tokens_controller_spec.rb
+++ b/spec/requests/oauth/tokens_controller_spec.rb
@@ -7,6 +7,7 @@ RSpec.describe Oauth::TokensController do
let(:other_headers) { {} }
let(:headers) { cors_request_headers.merge(other_headers) }
let(:allowed_methods) { 'POST, OPTIONS' }
+ let(:authorization_methods) { %w[Authorization X-CSRF-Token X-Requested-With] }
shared_examples 'cross-origin POST request' do
it 'allows cross-origin requests' do
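Review bot: The name `authorization_methods` in the added `let` does not match what it holds: the three values are header names, while the neighbouring `allowed_methods` holds the HTTP verbs. A name such as `allowed_headers` would read correctly where the later hunks compare it with `Access-Control-Allow-Headers` and send it as `Access-Control-Request-Headers`, e.g. `let(:allowed_headers) { %w[Authorization X-CSRF-Token X-Requested-With] }`.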
@@ -25,7 +26,7 @@ RSpec.describe Oauth::TokensController do
it 'allows cross-origin requests' do
expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
expect(response.headers['Access-Control-Allow-Methods']).to eq allowed_methods
- expect(response.headers['Access-Control-Allow-Headers']).to eq 'Authorization'
+ expect(response.headers['Access-Control-Allow-Headers']).to eq authorization_methods
expect(response.headers['Access-Control-Allow-Credentials']).to be_nil
end
end
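Review bot: The new expectation on `Access-Control-Allow-Headers` compares the response header with a Ruby Array, whereas `allowed_methods` on the line above is compared as the string `'POST, OPTIONS'`. The OPTIONS hunks for `/oauth/token` and `/oauth/revoke` also pass the same Array as the `Access-Control-Request-Headers` value, which a browser would send as one comma-separated string. If the CORS layer echoes the requested value on preflight (not visible here), the assertion could pass without checking the configured allowlist. Consider sending and expecting a serialized string such as `authorization_methods.join(', ')`, after confirming the exact format the middleware emits. The enclosing example group starts outside this hunk.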
@@ -39,7 +40,7 @@ RSpec.describe Oauth::TokensController do
end
describe 'OPTIONS /oauth/token' do
- let(:other_headers) { { 'Access-Control-Request-Headers' => 'Authorization', 'Access-Control-Request-Method' => 'POST' } }
+ let(:other_headers) { { 'Access-Control-Request-Headers' => authorization_methods, 'Access-Control-Request-Method' => 'POST' } }
before do
options '/oauth/token', headers: headers
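Review bot: Only the accepted path is covered for the widened header list: the preflight for `/oauth/token`, and likewise `/oauth/revoke` in the next hunk, requests exactly the three allowed headers. These endpoints are asserted to answer with `Access-Control-Allow-Origin: *`, so the header allowlist is part of what keeps the cross-origin surface narrow. A companion example that requests a header outside the list and asserts it is not granted in `Access-Control-Allow-Headers` would catch an accidental wildcard or over-broad configuration. The `before` block continues outside the hunk.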
@@ -63,7 +64,7 @@ RSpec.describe Oauth::TokensController do
end
describe 'OPTIONS /oauth/revoke' do
- let(:other_headers) { { 'Access-Control-Request-Headers' => 'Authorization', 'Access-Control-Request-Method' => 'POST' } }
+ let(:other_headers) { { 'Access-Control-Request-Headers' => authorization_methods, 'Access-Control-Request-Method' => 'POST' } }
before do
options '/oauth/revoke', headers: headers