@Test public void corsWhenEnabledThenAccessControlAllowOriginAndSecurityHeaders() { this.http.cors().configurationSource(this.source); this.expectedHeaders.set("Access-Control-Allow-Origin", "*"); this.expectedHeaders.set("X-Frame-Options", "DENY"); assertHeaders(); }