Merge pull request #24 from TVke/fix-breaking-change

Add test and default value to expose header
spatie · Apr 24, 2018 · 3178076 · 3178076
2 parents 98893ca + 3f67ae3
commit 3178076
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/src/Cors.php b/src/Cors.php
@@ -3,7 +3,6 @@
 namespace Spatie\Cors;
 
 use Closure;
-use Illuminate\Http\Response;
 use Spatie\Cors\CorsProfile\CorsProfile;
 
 class Cors

diff --git a/src/CorsProfile/DefaultProfile.php b/src/CorsProfile/DefaultProfile.php
@@ -29,7 +29,7 @@ public function allowHeaders(): array
 
     public function exposeHeaders(): array
     {
-        return config('cors.default_profile.expose_headers');
+        return config('cors.default_profile.expose_headers') ?? [];
     }
 
     public function maxAge(): int

diff --git a/tests/CorsTest.php b/tests/CorsTest.php
@@ -82,6 +82,19 @@ public function it_sends_the_custom_forbidden_response_for_invalid_requests()
             ->assertSee($forbiddenMessage);
     }
 
+    /** @test */
+    public function it_will_be_a_valid_profile_if_expose_header_is_not_set()
+    {
+        config()->set('cors.default_profile.expose_headers', null);
+
+        $this
+            ->sendRequest('POST', 'https://spatie.be')
+            ->assertSuccessful()
+            ->assertHeader('Access-Control-Expose-Headers', '')
+            ->assertHeader('Access-Control-Allow-Origin', '*')
+            ->assertSee('real content');
+    }
+
     public function sendRequest(string $method, string $origin)
     {
         $headers = [