Allow API consumer to send credentials on cross-origin requests

2012-03-13 21:12:24 +00:00
parent 196ea16a94
commit 499b06c9e5
2 changed files with 3 additions and 0 deletions
--- a/spec/integration/api/cross_origin_request_spec.rb
+++ b/spec/integration/api/cross_origin_request_spec.rb
@@ -24,6 +24,7 @@ feature 'API cross origin request' do
    )

    response.headers['Access-Control-Allow-Origin'].should == origin
+    response.headers['Access-Control-Allow-Credentials'].should == 'true'
    response.headers['Access-Control-Allow-Methods'].should ==
      'GET, POST, PUT, DELETE'
    response.headers['Access-Control-Allow-Headers'].should ==
@@ -37,5 +38,6 @@ feature 'API cross origin request' do
    }

    response.headers['Access-Control-Allow-Origin'].should == origin
+    response.headers['Access-Control-Allow-Credentials'].should == 'true'
  end
 end