scube-server/spec/controllers/api/application_controller_spec.rb

require 'spec_helper'

describe Api::ApplicationController do
  before do
    controller.current_user = Factory.create(:user)
  end

  context 'CORS: Cross-Origin Ressource Sharing' do
    before do
      request.env['Origin'] = 'http://origin.example/'
    end

    context 'preflight' do
      controller(Api::ApplicationController) do
        alias_method :index, :cor_preflight
      end

      def options(action)
        process action, nil, nil, nil, 'OPTIONS'
      end

      it 'sets Access-Control-Allow-Methods header' do
        options :index
        response.headers['Access-Control-Allow-Methods'].should ==
          'GET, POST, PUT, DELETE'
      end

      it 'sets Access-Control-Allow-Methods header' do
        options :index
        response.headers['Access-Control-Allow-Headers'].should ==
          'Content-Type, X-Requested-With'
      end
    end

    describe 'before filter' do
      controller(Api::ApplicationController) do
        def index
          head :ok
        end
      end

      it 'sets Access-Control-Allow-Origin header' do
        get :index
        response.headers['Access-Control-Allow-Origin'].should ==
          request.env['Origin']
      end
    end
  end
end