test corst, fix footer

test/middleware/sanasto_cors_test.rb

@@ -0,0 +1,55 @@
+require "test_helper"
+
+class SanastoCorsTest < ActiveSupport::TestCase
+  def setup
+    @app = ->(_env) { [ 200, {}, [ "ok" ] ] }
+    @middleware = Middleware::SanastoCors.new(@app)
+    @origin = "http://localhost:5173"
+    @app_id = "app.sanasto"
+  end
+
+  test "adds cors headers for allowed get requests" do
+    env = Rack::MockRequest.env_for(
+      "/api/entries",
+      method: "GET",
+      "HTTP_ORIGIN" => @origin,
+      "HTTP_X_SANASTO_APP" => @app_id
+    )
+
+    status, headers, _body = @middleware.call(env)
+
+    assert_equal 200, status
+    assert_equal @origin, headers["Access-Control-Allow-Origin"]
+    assert_includes headers["Access-Control-Allow-Headers"], "X-Sanasto-App"
+  end
+
+  test "returns preflight response with cors headers when app header is requested" do
+    env = Rack::MockRequest.env_for(
+      "/api/entries",
+      method: "OPTIONS",
+      "HTTP_ORIGIN" => @origin,
+      "HTTP_ACCESS_CONTROL_REQUEST_METHOD" => "GET",
+      "HTTP_ACCESS_CONTROL_REQUEST_HEADERS" => "x-sanasto-app"
+    )
+
+    status, headers, _body = @middleware.call(env)
+
+    assert_equal 204, status
+    assert_equal @origin, headers["Access-Control-Allow-Origin"]
+    assert_includes headers["Access-Control-Allow-Headers"], "x-sanasto-app"
+    assert_includes headers["Vary"], "Access-Control-Request-Headers"
+  end
+
+  test "does not add cors headers when app id is missing" do
+    env = Rack::MockRequest.env_for(
+      "/api/entries",
+      method: "GET",
+      "HTTP_ORIGIN" => @origin
+    )
+
+    status, headers, _body = @middleware.call(env)
+
+    assert_equal 200, status
+    assert_nil headers["Access-Control-Allow-Origin"]
+  end
+end