Implement Cross-Origin Resource Sharing:

* Add Api::ApplicationController * Route OPTION requests (CORS preflight) to API application controller * Filter all API requests through #cor_filter in API application controller
2012-02-26 14:10:19 +00:00
parent 88d3242843
commit 6379da88e2
6 changed files with 118 additions and 1 deletions
--- a/spec/integration/api/cross_origin_request_spec.rb
+++ b/spec/integration/api/cross_origin_request_spec.rb
@@ -0,0 +1,41 @@
+require 'spec_helper'
+
+feature 'API cross origin request' do
+  include UserIntegrationHelpers
+
+  let(:user)    { Factory.create(:user) }
+  let(:origin)  { 'http://origin.example/' }
+
+  background do
+    post sessions_path, :session => {
+      :email    => user.email,
+      :password => user.password
+    }
+  end
+
+  scenario 'preflight request' do
+    # FIXME: replace with a more stable/generic action
+    # FIXME: request without redirect
+    request_via_redirect(
+      :options,
+      api_v0_playlists_path(:format => :json),
+      nil,
+      { 'Origin' => origin }
+    )
+
+    response.headers['Access-Control-Allow-Origin'].should == origin
+    response.headers['Access-Control-Allow-Methods'].should ==
+      'GET, POST, PUT, DELETE'
+    response.headers['Access-Control-Allow-Headers'].should ==
+      'Content-Type, X-Requested-With'
+  end
+
+  scenario 'basic request' do
+    # FIXME: replace with a more stable/generic action
+    get api_v0_playlists_path(:format => :json), nil, {
+      'Origin' => origin
+    }
+
+    response.headers['Access-Control-Allow-Origin'].should == origin
+  end
+end