Rabbi_Gerzi/backend/tests/Feature/CorsTest.php
2026-05-28 20:11:09 +03:00

43 lines
1.2 KiB
PHP

<?php
namespace Tests\Feature;
use Tests\TestCase;
class CorsTest extends TestCase
{
public function testAllowsProductionFrontendPreflight(): void
{
$response = $this->withHeaders([
'Origin' => 'https://rabbigerzi.com',
'Access-Control-Request-Method' => 'POST',
'Access-Control-Request-Headers' => 'content-type',
])->options('/api/login');
$response->assertNoContent();
$response->assertHeader(
'Access-Control-Allow-Origin',
'https://rabbigerzi.com'
);
$response->assertHeader('Access-Control-Allow-Credentials', 'true');
}
public function testAllowsPatchPreflight(): void
{
$response = $this->withHeaders([
'Origin' => 'http://localhost:5173',
'Access-Control-Request-Method' => 'PATCH',
'Access-Control-Request-Headers' => 'content-type',
])->options('/api/elements/1');
$response->assertNoContent();
$response->assertHeader(
'Access-Control-Allow-Origin',
'http://localhost:5173'
);
$this->assertStringContainsString(
'PATCH',
$response->headers->get('Access-Control-Allow-Methods')
);
}
}