bas/solelog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(api): seed reference activities and enable CORS for the worker SPA

Browse Source
This commit is contained in:
Bas van Rossem
2026-06-17 15:54:52 +02:00
parent 85184d3287
commit 35f9aa5574
6 changed files with 122 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
apps/api/test/cors.test.ts Normal file
View File

@@ -0,0 +1,29 @@
import { describe, it, expect } from 'vitest';
import { createApp } from '../src/app';
const ORIGIN = 'http://localhost:5173';
describe('cors', () => {
it('answers a CORS preflight for the SPA origin', async () => {
const app = createApp();
const res = await app.request('/api/activities', {
method: 'OPTIONS',
headers: {
Origin: ORIGIN,
'Access-Control-Request-Method': 'GET',
},
});
expect(res.headers.get('access-control-allow-origin')).toBe(ORIGIN);
const allowMethods = res.headers.get('access-control-allow-methods') ?? '';
expect(allowMethods).toContain('GET');
});
it('exposes set-auth-token to the SPA origin', async () => {
const app = createApp();
const res = await app.request('/api/activities', {
headers: { Origin: ORIGIN },
});
const expose = (res.headers.get('access-control-expose-headers') ?? '').toLowerCase();
expect(expose).toContain('set-auth-token');
});
});