test(cors): add comprehensive PublicApiCors middleware tests #21

Merged

Snider merged 1 commit from test/public-api-cors into main

2026-02-21 00:01:57 +00:00

Author	SHA1	Message	Date
darbs-claude	d6c00e4ba8	test(cors): add comprehensive PublicApiCors middleware tests (#8 ) Some checks are pending CI / PHP 8.2 (pull_request) Waiting to run Details CI / PHP 8.3 (pull_request) Waiting to run Details CI / PHP 8.4 (pull_request) Waiting to run Details CI / Assets (pull_request) Waiting to run Details Tests cover: - OPTIONS preflight returns 204 with no body and skips next handler - CORS headers added to GET/POST responses - Origin header echoed back; wildcard used when absent - Correct allowed methods (GET, POST, OPTIONS) - Correct allowed headers (Content-Type, Accept, X-Requested-With) - Rate limit headers exposed to browser clients - Max-Age 3600 and Vary: Origin for correct cache behaviour - Access-Control-Allow-Credentials intentionally absent (security boundary) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-02-20 23:49:17 +00:00

Author

SHA1

Message

Date

darbs-claude

d6c00e4ba8

test(cors): add comprehensive PublicApiCors middleware tests (#8 )

CI / PHP 8.2 (pull_request) Waiting to run

Details

CI / PHP 8.3 (pull_request) Waiting to run

Details

CI / PHP 8.4 (pull_request) Waiting to run

Details

CI / Assets (pull_request) Waiting to run

Details

Tests cover:
- OPTIONS preflight returns 204 with no body and skips next handler
- CORS headers added to GET/POST responses
- Origin header echoed back; wildcard used when absent
- Correct allowed methods (GET, POST, OPTIONS)
- Correct allowed headers (Content-Type, Accept, X-Requested-With)
- Rate limit headers exposed to browser clients
- Max-Age 3600 and Vary: Origin for correct cache behaviour
- Access-Control-Allow-Credentials intentionally absent (security boundary)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-02-20 23:49:17 +00:00