在我的控制器中,我有以下before_action ......
def cors_set_headers
headers['Access-Control-Allow-Origin'] = '*'
headers['Access-Control-Allow-Methods'] = 'POST, PUT, DELETE, GET, OPTIONS'
headers['Access-Control-Request-Method'] = '*'
headers['Access-Control-Allow-Headers'] = 'Origin, X-Requested-With, Content-Type, Accept, Authorization'
end
我正在尝试编写测试以确保使用以下代码设置这些标头...
describe 'cors headers action ' do
it 'sets the proper headers' do
get :jobs, format: :json
p response.headers
expect(response.headers['Access-Control-Allow-Origin']).to eq('*')
expect(response.headers['Access-Control-Allow-Methods']).to eq('POST, PUT, DELETE, GET, OPTIONS')
expect(response.headers['Access-Control-Request-Method']).to eq('*')
expect(response.headers['Access-Control-Allow-Headers']).to eq('Origin, X-Requested-With, Content-Type, Accept, Authorization')
end
end
当我做回应时,唯一的标题会回来。标题是 - {" X-Frame-Options" =>" SAMEORIGIN"," X-XSS-保护" = GT;" 1; mode = block"," X-Content-Type-Options" =>" nosniff"," Content-Type" =>"为text / html;字符集= UTF-8"}
这在我的应用程序中运行得很好,但不是测试。那么,任何想法可能是什么问题?感谢。