handle($request); $this->assertEquals('nosniff', $response->getHeaderLine('X-Content-Type-Options')); $this->assertEquals('SAMEORIGIN', $response->getHeaderLine('X-Frame-Options')); } public function test_cors_headers_are_present(): void { $kernel = new Kernel(); // Preflight request $request = new ServerRequest('OPTIONS', '/_phred/health'); $request = $request->withHeader('Origin', 'http://example.com') ->withHeader('Access-Control-Request-Method', 'GET'); $response = $kernel->handle($request); $this->assertEquals('http://example.com', $response->getHeaderLine('Access-Control-Allow-Origin')); } }