public function testDoesNotAddAllowCredentialsHeadersIfAsked() { $request = new HttpRequest(); $request->getHeaders()->addHeaderLine('Origin', 'http://example.com'); $this->corsOptions->setAllowedCredentials(false); $response = $this->corsService->createPreflightCorsResponse($request); $headers = $response->getHeaders(); $this->assertFalse($headers->has('Access-Control-Allow-Credentials')); }
public function testCanModifyOptions() { $options = new CorsOptions(); $options->setAllowedOrigins(array('http://example1.com', 'http://example2.com')); $this->assertEquals(array('http://example1.com', 'http://example2.com'), $options->getAllowedOrigins()); $options->setAllowedMethods(array('POST', 'GET')); $this->assertEquals(array('POST', 'GET'), $options->getAllowedMethods()); $options->setAllowedHeaders(array('Content-Type')); $this->assertEquals(array('Content-Type'), $options->getAllowedHeaders()); $options->setMaxAge(30); $this->assertEquals(30, $options->getMaxAge()); $options->setExposedHeaders(array('Location', 'X-Custom-Header')); $this->assertEquals(array('Location', 'X-Custom-Header'), $options->getExposedHeaders()); $options->setAllowedCredentials(true); $this->assertTrue($options->getAllowedCredentials()); }