X-Git-Url: http://aleph1.co.uk/gitweb/?a=blobdiff_plain;f=web%2Fcore%2Ftests%2FDrupal%2FFunctionalTests%2FHttpKernel%2FCorsIntegrationTest.php;h=cc43936d6f166f27d0b63965da080cd07337983d;hb=5b8bb166bfa98770daef9de5c127fc2e6ef02340;hp=c29324a013512a78d935629464e2e3484b3cedab;hpb=a2bd1bf0c2c1f1a17d188f4dc0726a45494cefae;p=yaffs-website

diff --git a/web/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php b/web/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php
index c29324a01..cc43936d6 100644
--- a/web/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php
+++ b/web/core/tests/Drupal/FunctionalTests/HttpKernel/CorsIntegrationTest.php
@@ -2,6 +2,7 @@
 
 namespace Drupal\FunctionalTests\HttpKernel;
 
+use Drupal\Core\Url;
 use Drupal\Tests\BrowserTestBase;
 
 /**
@@ -72,6 +73,19 @@ class CorsIntegrationTest extends BrowserTestBase {
     $this->drupalGet('/test-page', [], ['Origin' => 'http://example.com']);
     $this->assertSession()->statusCodeEquals(200);
     $this->assertSession()->responseHeaderEquals('Access-Control-Allow-Origin', 'http://example.com');
+
+    // Verify POST still functions with 'Origin' header set to site's domain.
+    $origin = \Drupal::request()->getSchemeAndHttpHost();
+
+    /** @var \GuzzleHttp\ClientInterface $httpClient */
+    $httpClient = $this->getSession()->getDriver()->getClient()->getClient();
+    $url = Url::fromUri('base:/test-page');
+    $response = $httpClient->request('POST', $url->setAbsolute()->toString(), [
+      'headers' => [
+        'Origin' => $origin,
+      ],
+    ]);
+    $this->assertEquals(200, $response->getStatusCode());
   }
 
 }