Fix use of nil in CORS filter when request doesn't have an Origin header

2012-05-03 20:58:33 +00:00
parent df6d4991f8
commit b40b4d4df3
2 changed files with 10 additions and 1 deletions
--- a/spec/integration/api/cross_origin_request_spec.rb
+++ b/spec/integration/api/cross_origin_request_spec.rb
@@ -40,4 +40,11 @@ feature 'API cross origin request' do
    response.headers['Access-Control-Allow-Origin'].should == origin
    response.headers['Access-Control-Allow-Credentials'].should == 'true'
  end
+
+  scenario 'request without origin' do
+    # FIXME: replace with a more stable/generic action
+    get api_playlists_path(:format => :json)
+
+    response.headers['Access-Control-Allow-Origin'].should == ''
+  end
 end