From 9b2e36e4fb7aa2f5aca493488c24bc1d6f3af45d Mon Sep 17 00:00:00 2001
From: Naz <hi@nazavo.com>
Date: Thu, 3 Nov 2022 11:10:46 +0800
Subject: [PATCH] Fixed CORS middleware unit test

refs https://github.com/TryGhost/Toolbox/issues/461

- The unit test was never using the "OPTIONS" request method, which did not actually trigger the full logic of the "cors" module used under the hood.
- Using the correct request method triggers all the right pathways and tests the state that's closer to the real world - for example the response does get "ended" instead of calling the "next" middleware.
---
 .../test/unit/server/web/api/middleware/cors.test.js | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/ghost/core/test/unit/server/web/api/middleware/cors.test.js b/ghost/core/test/unit/server/web/api/middleware/cors.test.js
index a535edd728..02d953fb58 100644
--- a/ghost/core/test/unit/server/web/api/middleware/cors.test.js
+++ b/ghost/core/test/unit/server/web/api/middleware/cors.test.js
@@ -13,6 +13,7 @@ describe('cors', function () {
 
     beforeEach(function () {
         req = {
+            method: 'OPTIONS',
             headers: {
                 origin: null
             },
@@ -26,7 +27,8 @@ describe('cors', function () {
             vary: sinon.spy(),
             setHeader: function (h, v) {
                 this.headers[h] = v;
-            }
+            },
+            end: sinon.spy()
         };
 
         next = sinon.spy();
@@ -58,7 +60,7 @@ describe('cors', function () {
 
         cors(req, res, next);
 
-        next.called.should.be.true();
+        res.end.called.should.be.true();
         res.headers['Access-Control-Allow-Origin'].should.equal(origin);
 
         done();
@@ -73,7 +75,7 @@ describe('cors', function () {
 
         cors(req, res, next);
 
-        next.called.should.be.true();
+        res.end.called.should.be.true();
         res.headers['Access-Control-Allow-Origin'].should.equal(origin);
 
         done();
@@ -105,7 +107,7 @@ describe('cors', function () {
 
         cors(req, res, next);
 
-        next.called.should.be.true();
+        res.end.called.should.be.true();
         res.headers['Access-Control-Allow-Origin'].should.equal(origin);
 
         done();
@@ -127,7 +129,7 @@ describe('cors', function () {
 
         cors(req, res, next);
 
-        next.called.should.be.true();
+        res.end.called.should.be.true();
         res.headers['Access-Control-Allow-Origin'].should.equal(origin);
 
         done();