@Test
public void test1CorsIsEnabledOnAllDomainsGET() throws IOException {
final String shouldAllowOrigin = "http://foo.bar.com";
setCorsFilterFeature(true, ImmutableList.<String>of());
HttpClient client = client();
HttpToolResponse response = HttpTool.execAndConsume(client, httpOptionsRequest("server/ha/state", "GET", shouldAllowOrigin));
List<String> accessControlAllowOrigin = response.getHeaderLists().get(HEADER_AC_ALLOW_ORIGIN);
assertEquals(accessControlAllowOrigin.size(), 1);
assertEquals(accessControlAllowOrigin.get(0), "*", "Should allow GET requests made from " + shouldAllowOrigin);
assertEquals(response.getHeaderLists().get(HEADER_AC_ALLOW_HEADERS).size(), 1);
assertEquals(response.getHeaderLists().get(HEADER_AC_ALLOW_HEADERS).get(0), "x-csrf-token", "Should have asked and allowed x-csrf-token header from " + shouldAllowOrigin);
assertOkayResponse(response, "");
HttpUriRequest httpRequest = RequestBuilder.get(getBaseUriRest() + "server/ha/state")
.addHeader("Origin", shouldAllowOrigin)
.addHeader(HEADER_AC_REQUEST_METHOD, "GET")
.build();
response = HttpTool.execAndConsume(client, httpRequest);
accessControlAllowOrigin = response.getHeaderLists().get(HEADER_AC_ALLOW_ORIGIN);
assertEquals(accessControlAllowOrigin.size(), 1);
assertEquals(accessControlAllowOrigin.get(0), "*", "Should allow GET requests made from " + shouldAllowOrigin);
assertOkayResponse(response, "\"MASTER\"");
}