public function testHandleRequest() { $this->request = new Request(); $this->response = new Response(); $this->service = new CorsService(['allowOrigins' => ['*']]); $this->specify('response origin header is set', function () { $this->request->headers->set('Origin', 'http://foo.com'); $response = $this->service->handleRequest($this->request, $this->response); verify($response->headers->get('Access-Control-Allow-Origin'))->equals('http://foo.com'); }); $this->service = new CorsService(['allowOrigins' => ['*']]); $this->specify('response vary header is set', function () { $this->request->headers->set('Origin', 'http://foo.com'); $this->request->headers->set('Vary', 'Accept-Encoding'); $response = $this->service->handleRequest($this->request, $this->response); verify($response->headers->get('Vary'))->equals('Accept-Encoding, Origin'); }); $this->service = new CorsService(['allowOrigins' => ['*'], 'allowMethods' => ['*'], 'allowHeaders' => ['*'], 'allowCredentials' => true]); $this->specify('response credentials header is set', function () { $this->request->headers->set('Origin', 'http://foo.com'); $response = $this->service->handleRequest($this->request, $this->response); verify($response->headers->get('Access-Control-Allow-Credentials'))->equals('true'); }); $this->service = new CorsService(['allowOrigins' => ['*'], 'allowMethods' => ['*'], 'allowHeaders' => ['*'], 'exposeHeaders' => ['Accept', 'Authorization', 'Content-Type']]); $this->specify('response expose headers header is set', function () { $this->request->headers->set('Origin', 'http://foo.com'); $response = $this->service->handleRequest($this->request, $this->response); verify($response->headers->get('Access-Control-Expose-Headers'))->equals('accept, authorization, content-type'); }); }