30 lines
977 B
TypeScript
30 lines
977 B
TypeScript
import { describe, it, expect } from 'vitest';
|
|
import { createApp } from '../src/app';
|
|
|
|
const ORIGIN = 'http://localhost:5173';
|
|
|
|
describe('cors', () => {
|
|
it('answers a CORS preflight for the SPA origin', async () => {
|
|
const app = createApp();
|
|
const res = await app.request('/api/activities', {
|
|
method: 'OPTIONS',
|
|
headers: {
|
|
Origin: ORIGIN,
|
|
'Access-Control-Request-Method': 'GET',
|
|
},
|
|
});
|
|
expect(res.headers.get('access-control-allow-origin')).toBe(ORIGIN);
|
|
const allowMethods = res.headers.get('access-control-allow-methods') ?? '';
|
|
expect(allowMethods).toContain('GET');
|
|
});
|
|
|
|
it('exposes set-auth-token to the SPA origin', async () => {
|
|
const app = createApp();
|
|
const res = await app.request('/api/activities', {
|
|
headers: { Origin: ORIGIN },
|
|
});
|
|
const expose = (res.headers.get('access-control-expose-headers') ?? '').toLowerCase();
|
|
expect(expose).toContain('set-auth-token');
|
|
});
|
|
});
|