From 92ed5325438b79ea06431705397f6c7b443a0d84 Mon Sep 17 00:00:00 2001
From: Hakan Ensari <me@hakanensari.com>
Date: Mon, 25 Apr 2016 19:05:07 +0100
Subject: [PATCH] Fix OPTIONS requests

#18
---
 lib/api.rb       | 6 +++---
 spec/api_spec.rb | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/lib/api.rb b/lib/api.rb
index e609ba0..0d53775 100644
--- a/lib/api.rb
+++ b/lib/api.rb
@@ -6,13 +6,13 @@
 
 configure do
   set :options_response_headers,
-      'Allow'                            => 'HEAD, GET, OPTIONS',
+      'Allow'                            => 'GET, HEAD, OPTIONS',
       'Access-Control-Allow-Headers'     => 'X-Requested-With, X-HTTP-Method-Override, Content-Type, Cache-Control, Accept'
 
   set :cors_response_headers,
       'Access-Control-Allow-Credentials' => 'true',
       'Access-Control-Allow-Headers'     => '*, Content-Type, Accept, AUTHORIZATION, Cache-Control',
-      'Access-Control-Allow-Methods'     => 'POST, GET, OPTIONS',
+      'Access-Control-Allow-Methods'     => 'GET, HEAD, OPTIONS',
       'Access-Control-Allow-Origin'      => '*',
       'Access-Control-Expose-Headers'    => 'Cache-Control, Content-Language, Content-Type, Expires, Last-Modified, Pragma',
       'Access-Control-Max-Age'           => '1728000'
@@ -60,7 +60,7 @@ def enable_cross_origin
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS#Preflighted_requests
 options '*' do
   headers settings.options_response_headers
-  pass
+  200
 end
 
 get '/' do
diff --git a/spec/api_spec.rb b/spec/api_spec.rb
index cdfa7a2..fb2ee54 100644
--- a/spec/api_spec.rb
+++ b/spec/api_spec.rb
@@ -61,5 +61,6 @@
     options '/'
     refute_empty headers['Allow']
     refute_empty headers['Access-Control-Allow-Headers']
+    last_response.must_be :ok?
   end
 end