require "test_helper"

class CorsPreflightTest < ActionDispatch::IntegrationTest
  setup do
    @origin = "http://localhost:5173"
    @app_id = "app.sanasto"
  end

  test "options preflight returns cors headers when app header is requested" do
    options "/api/entries", headers: {
      "Origin" => @origin,
      "Access-Control-Request-Method" => "GET",
      "Access-Control-Request-Headers" => "x-sanasto-app"
    }

    assert_response :no_content
    assert_equal @origin, response.headers["Access-Control-Allow-Origin"]
    assert_includes response.headers["Access-Control-Allow-Headers"], "x-sanasto-app"
  end

  test "get includes cors headers when app id is provided" do
    get "/api/entries", headers: {
      "Origin" => @origin,
      "X-Sanasto-App" => @app_id
    }

    assert_response :success
    assert_equal @origin, response.headers["Access-Control-Allow-Origin"]
  end
end