call( 'OPTIONS', '/api/media', [], [], [], ['HTTP_Authorization' => 'Bearer ' . $this->getToken()] ); $response->assertHeader('Access-Control-Allow-Origin', '*'); } #[Test] public function check_for_no_cors_header_on_non_media_endpoint_links(): void { $response = $this->get('/blog'); $response->assertHeaderMissing('Access-Control-Allow-Origin'); } }