qa 2.0.1 → 2.1.1

data/lib/qa/authorities/linked_data/search_query.rb

@@ -37,6 +37,7 @@ module Qa::Authorities
 
         def parse_search_authority_response(graph, language)
           graph = filter_language(graph, language) unless language.nil?
+          graph = filter_out_blanknodes(graph)
           results = extract_preds(graph, preds_for_search)
           consolidated_results = consolidate_search_results(results)
           json_results = convert_search_to_json(consolidated_results)
@@ -61,7 +62,7 @@ module Qa::Authorities
           preds
         end
 
-        def consolidate_search_results(results)
+        def consolidate_search_results(results) # rubocop:disable Metrics/MethodLength
           consolidated_results = {}
           return consolidated_results if results.nil? || !results.count.positive?
           results.each do |statement|
@@ -105,11 +106,14 @@ module Qa::Authorities
           lbl
         end
 
-        def sort_search_results(json_results)
+        def sort_search_results(json_results) # rubocop:disable Metrics/MethodLength
           return json_results unless supports_sort?
           json_results.sort! do |a, b|
             cmp = sort_when_missing_sort_predicate(a, b)
-            next unless cmp.nil?
+            next cmp unless cmp.nil?
+
+            cmp = numeric_sort(a, b)
+            next cmp unless cmp.nil?
 
             as = a[:sort].collect(&:downcase)
             bs = b[:sort].collect(&:downcase)
@@ -138,6 +142,18 @@ module Qa::Authorities
           return 1 if bs.size <= current_list_size # consider shorter b list of values lower then longer a list
           nil
         end
+
+        def numeric_sort(a, b)
+          return nil if a[:sort].size > 1
+          return nil if b[:sort].size > 1
+          return nil unless s_is_i? a[:sort][0]
+          return nil unless s_is_i? b[:sort][0]
+          Integer(a[:sort][0]) <=> Integer(b[:sort][0])
+        end
+
+        def s_is_i?(s)
+          /\A[-+]?\d+\z/ === s # rubocop:disable Style/CaseEquality
+        end
     end
   end
 end

data/lib/qa/authorities/loc_subauthority.rb

@@ -18,7 +18,7 @@ module Qa::Authorities::LocSubauthority
     ]
   end
 
-  def vocabularies
+  def vocabularies # rubocop:disable Metrics/MethodLength
     [
       "graphicMaterials",
       "organizations",
@@ -40,7 +40,7 @@ module Qa::Authorities::LocSubauthority
     ["edtf"]
   end
 
-  def preservation
+  def preservation # rubocop:disable Metrics/MethodLength
     [
       "contentLocationType",
       "copyrightStatus",

data/lib/qa/authorities/local.rb

@@ -20,15 +20,13 @@ module Qa::Authorities
         if config[:local_path].starts_with?(File::Separator)
           config[:local_path]
         else
-          File.join(Rails.root, config[:local_path])
+          Rails.root.join(config[:local_path]).to_s # TODO: Rails.root.join returns class Pathname, which may be ok.  Added to_s because of failing regression test.
         end
       end
 
       # Local sub-authorities are any YAML files in the subauthorities_path
       def names
-        unless Dir.exist? subauthorities_path
-          raise Qa::ConfigDirectoryNotFound, "There's no directory at #{subauthorities_path}. You must create it in order to use local authorities"
-        end
+        raise Qa::ConfigDirectoryNotFound, "There's no directory at #{subauthorities_path}. You must create it in order to use local authorities" unless Dir.exist? subauthorities_path
         Dir.entries(subauthorities_path).map { |f| File.basename(f, ".yml") if f =~ /yml$/ }.compact
       end
 

data/lib/qa/authorities/local/file_based_authority.rb

@@ -25,7 +25,7 @@ module Qa::Authorities
     private
 
       def terms
-        subauthority_hash = YAML.load(File.read(subauthority_filename))
+        subauthority_hash = YAML.load(File.read(subauthority_filename)) # rubocop:disable Security/YAMLLoad # TODO: Explore how to change this to safe_load.  Many tests fail when making this change.
         terms = subauthority_hash.with_indifferent_access.fetch(:terms, [])
         normalize_terms(terms)
       end

data/lib/qa/authorities/local/mysql_table_based_authority.rb

@@ -5,8 +5,7 @@ module Qa
         self.table_index = "index_qa_local_authority_entries_on_lower_label_and_authority"
 
         def self.check_for_index
-          conn = ActiveRecord::Base.connection
-          if table_or_view_exists? && conn.index_name_exists?(table_name.to_sym, table_index, :default).blank?
+          if table_or_view_exists? && index_name_exists? # rubocop:disable Style/GuardClause
             Rails.logger.error "You've installed mysql local authority tables, but you haven't indexed the lower label. "
             "Rails doesn't support functional indexes in migrations, so we tried to execute it for you but something went wrong...\n" \
             "Make sure your table has a lower_label column, which is virtually created, and that the column is indexed." \
@@ -19,6 +18,16 @@ module Qa
           return [] if q.blank?
           output_set(base_relation.where('lower_label like ?', "#{q.downcase}%").limit(25))
         end
+
+        def self.index_name_exists?
+          conn = ActiveRecord::Base.connection
+          if ActiveRecord::VERSION::MAJOR >= 5 && ActiveRecord::VERSION::MINOR >= 1
+            conn.index_name_exists?(table_name, table_index).blank?
+          else
+            conn.index_name_exists?(table_name, table_index, :default).blank?
+          end
+        end
+        private_class_method :index_name_exists?
       end
     end
   end

data/lib/qa/authorities/local/table_based_authority.rb

@@ -9,7 +9,8 @@ module Qa::Authorities
         @checked_for_index ||= begin
           conn = ActiveRecord::Base.connection
           if table_or_view_exists? && !conn.indexes(table_name).find { |i| i.name == table_index }
-            Rails.logger.error "You've installed local authority tables, but you haven't indexed the label.  Rails doesn't support functional indexes in migrations, so you'll have to add this manually:\n" \
+            Rails.logger.error "You've installed local authority tables, but you haven't indexed the label.  " \
+              "Rails doesn't support functional indexes in migrations, so you'll have to add this manually:\n" \
               "CREATE INDEX \"#{table_index}\" ON \"#{table_name}\" (local_authority_id, lower(label))\n" \
               "   OR on Sqlite: \n" \
               "CREATE INDEX \"#{table_index}\" ON \"#{table_name}\" (local_authority_id, label collate nocase)\n" \

data/lib/qa/authorities/mesh_tools/mesh_data_parser.rb

@@ -7,7 +7,7 @@ module Qa::Authorities
         @file = file
       end
 
-      def each_mesh_record
+      def each_mesh_record # rubocop:disable Metrics/MethodLength
         current_data = {}
         in_record = false
         file.each_line do |line|

data/lib/qa/authorities/mesh_tools/mesh_importer.rb

@@ -1,7 +1,7 @@
 module Qa::Authorities
   module MeshTools
     class MeshImporter
-      def import_from_file(f)
+      def import_from_file(f) # rubocop:disable Metrics/MethodLength
         entries = []
         trees = []
         mesh = Qa::Authorities::MeshTools::MeshDataParser.new(f)

data/lib/qa/authorities/oclcts/generic_oclc_authority.rb

@@ -27,9 +27,7 @@ module Qa::Authorities
         a = {}
         zthes_record = raw_response.xpath("sru:searchRetrieveResponse/sru:records/sru:record/sru:recordData/Zthes/term[termId='#{id}']", 'sru' => 'http://www.loc.gov/zing/srw/')
         zthes_record.children.each do |child|
-          if (child.is_a? Nokogiri::XML::Element) && !child.children.nil? && (child.children.size == 1) && (child.children.first.is_a? Nokogiri::XML::Text)
-            a[child.name] = child.children.first.to_s
-          end
+          a[child.name] = child.children.first.to_s if (child.is_a? Nokogiri::XML::Element) && !child.children.nil? && (child.children.size == 1) && (child.children.first.is_a? Nokogiri::XML::Text)
         end
         a
       end

data/lib/qa/configuration.rb

@@ -0,0 +1,16 @@
+module Qa
+  class Configuration
+    def cors_headers?
+      return @cors_headers_enabled unless @cors_headers_enabled.nil?
+      @cors_headers_enabled = false
+    end
+
+    def enable_cors_headers
+      @cors_headers_enabled = true
+    end
+
+    def disable_cors_headers
+      @cors_headers_enabled = false
+    end
+  end
+end

data/lib/qa/version.rb

@@ -1,3 +1,3 @@
 module Qa
-  VERSION = "2.0.1".freeze
+  VERSION = "2.1.1".freeze
 end

data/lib/tasks/mesh.rake

@@ -2,11 +2,12 @@ require 'benchmark'
 
 namespace :mesh do
   desc "Import MeSH terms from the file $MESH_FILE, it will update any terms which are already in the database"
-  task :import => :environment do
+  # task :import => :environment do
+  task import: :environment do
     fname = ENV['MESH_FILE']
     if fname.nil?
       puts "Need to set $MESH_FILE with path to file to ingest"
-      next  # transfers control out of this block
+      next # transfers control out of this block
     end
     Benchmark.bm(30) do |bm|
       bm.report("Importing #{fname}") do
@@ -22,5 +23,4 @@ namespace :mesh do
   task :clear do
     puts "Not implemented"
   end
-
 end

data/spec/controllers/linked_data_terms_controller_spec.rb

@@ -6,13 +6,13 @@ describe Qa::LinkedDataTermsController, type: :controller do
   end
 
   describe '#check_authority' do
-    it 'returns 400 if the vocabulary is not specified' do
+    it 'for search returns 400 if the vocabulary is not specified' do
       expect(Rails.logger).to receive(:warn).with("Required param 'vocab' is missing or empty")
       get :search, params: { q: 'a query', vocab: '' }
       expect(response.code).to eq('400')
     end
 
-    it 'returns 400 if the vocabulary is not specified' do
+    it 'for show returns 400 if the vocabulary is not specified' do
       expect(Rails.logger).to receive(:warn).with("Required param 'vocab' is missing or empty")
       get :show, params: { id: 'C_1234', vocab: '' }
       expect(response.code).to eq('400')
@@ -92,7 +92,8 @@ describe Qa::LinkedDataTermsController, type: :controller do
           allow(RDF::Graph).to receive(:load).and_raise(RDF::FormatError)
         end
         it 'returns 500' do
-          expect(Rails.logger).to receive(:warn).with("RDF Format Error - Results from search query my_query for authority OCLC_FAST was not identified as a valid RDF format.  You may need to include the linkeddata gem.")
+          msg = "RDF Format Error - Results from search query my_query for authority OCLC_FAST was not identified as a valid RDF format.  You may need to include the linkeddata gem."
+          expect(Rails.logger).to receive(:warn).with(msg)
           get :search, params: { q: 'my_query', vocab: 'OCLC_FAST', maximumRecords: '3' }
           expect(response.code).to eq('500')
         end
@@ -122,6 +123,7 @@ describe Qa::LinkedDataTermsController, type: :controller do
         expect(response.code).to eq('503')
       end
     end
+
     context 'in OCLC_FAST authority' do
       context '0 search results' do
         before do
@@ -130,7 +132,7 @@ describe Qa::LinkedDataTermsController, type: :controller do
         end
         it 'succeeds' do
           get :search, params: { q: 'supercalifragilisticexpialidocious', vocab: 'OCLC_FAST', maximumRecords: '3' }
-          expect(response).to be_success
+          expect(response).to be_successful
         end
       end
 
@@ -141,7 +143,7 @@ describe Qa::LinkedDataTermsController, type: :controller do
         end
         it 'succeeds' do
           get :search, params: { q: 'cornell', vocab: 'OCLC_FAST', maximumRecords: '3' }
-          expect(response).to be_success
+          expect(response).to be_successful
         end
       end
     end
@@ -154,7 +156,7 @@ describe Qa::LinkedDataTermsController, type: :controller do
         end
         it 'succeeds' do
           get :search, params: { q: 'supercalifragilisticexpialidocious', vocab: 'OCLC_FAST', subauthority: 'personal_name', maximumRecords: '3' }
-          expect(response).to be_success
+          expect(response).to be_successful
         end
       end
 
@@ -165,7 +167,31 @@ describe Qa::LinkedDataTermsController, type: :controller do
         end
         it 'succeeds' do
           get :search, params: { q: 'cornell', vocab: 'OCLC_FAST', subauthority: 'personal_name', maximumRecords: '3' }
-          expect(response).to be_success
+          expect(response).to be_successful
+        end
+      end
+
+      context 'when cors headers are enabled' do
+        before do
+          Qa.config.enable_cors_headers
+          stub_request(:get, 'http://experimental.worldcat.org/fast/search?maximumRecords=3&query=oclc.personalName%20all%20%22cornell%22&sortKeys=usage')
+            .to_return(status: 200, body: webmock_fixture('lod_oclc_personalName_query_3_results.rdf.xml'), headers: { 'Content-Type' => 'application/rdf+xml' })
+        end
+        it 'Access-Control-Allow-Origin is *' do
+          get :search, params: { q: 'cornell', vocab: 'OCLC_FAST', subauthority: 'personal_name', maximumRecords: '3' }
+          expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
+        end
+      end
+
+      context 'when cors headers are disabled' do
+        before do
+          Qa.config.disable_cors_headers
+          stub_request(:get, 'http://experimental.worldcat.org/fast/search?maximumRecords=3&query=oclc.personalName%20all%20%22cornell%22&sortKeys=usage')
+            .to_return(status: 200, body: webmock_fixture('lod_oclc_personalName_query_3_results.rdf.xml'), headers: { 'Content-Type' => 'application/rdf+xml' })
+        end
+        it 'Access-Control-Allow-Origin is not present' do
+          get :search, params: { q: 'cornell', vocab: 'OCLC_FAST', subauthority: 'personal_name', maximumRecords: '3' }
+          expect(response.headers.key?('Access-Control-Allow-Origin')).to be false
         end
       end
     end
@@ -178,7 +204,7 @@ describe Qa::LinkedDataTermsController, type: :controller do
         end
         it 'succeeds' do
           get :search, params: { q: 'supercalifragilisticexpialidocious', vocab: 'AGROVOC' }
-          expect(response).to be_success
+          expect(response).to be_successful
         end
       end
 
@@ -189,7 +215,7 @@ describe Qa::LinkedDataTermsController, type: :controller do
         end
         it 'succeeds' do
           get :search, params: { q: 'milk', vocab: 'AGROVOC' }
-          expect(response).to be_success
+          expect(response).to be_successful
         end
       end
     end
@@ -214,7 +240,8 @@ describe Qa::LinkedDataTermsController, type: :controller do
           allow(RDF::Graph).to receive(:load).and_raise(RDF::FormatError)
         end
         it 'returns 500' do
-          expect(Rails.logger).to receive(:warn).with("RDF Format Error - Results from fetch term 530369 for authority OCLC_FAST was not identified as a valid RDF format.  You may need to include the linkeddata gem.")
+          msg = "RDF Format Error - Results from fetch term 530369 for authority OCLC_FAST was not identified as a valid RDF format.  You may need to include the linkeddata gem."
+          expect(Rails.logger).to receive(:warn).with(msg)
           get :show, params: { id: '530369', vocab: 'OCLC_FAST' }
           expect(response.code).to eq('500')
         end
@@ -245,7 +272,7 @@ describe Qa::LinkedDataTermsController, type: :controller do
 
     context 'when requested term is not found at the server' do
       before do
-        stub_request(:get, 'http://id.worldcat.org/fast/FAKE_ID').to_return(status: 404, body: '', headers:  {})
+        stub_request(:get, 'http://id.worldcat.org/fast/FAKE_ID').to_return(status: 404, body: '', headers: {})
       end
       it 'returns 404' do
         expect(Rails.logger).to receive(:warn).with('Term Not Found - Fetch term FAKE_ID unsuccessful for authority OCLC_FAST')
@@ -262,7 +289,31 @@ describe Qa::LinkedDataTermsController, type: :controller do
         end
         it 'succeeds' do
           get :show, params: { id: '530369', vocab: 'OCLC_FAST' }
-          expect(response).to be_success
+          expect(response).to be_successful
+        end
+      end
+
+      context 'when cors headers are enabled' do
+        before do
+          Qa.config.enable_cors_headers
+          stub_request(:get, 'http://id.worldcat.org/fast/530369')
+            .to_return(status: 200, body: webmock_fixture('lod_oclc_term_found.rdf.xml'), headers: { 'Content-Type' => 'application/rdf+xml' })
+        end
+        it 'Access-Control-Allow-Origin is *' do
+          get :show, params: { id: '530369', vocab: 'OCLC_FAST' }
+          expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
+        end
+      end
+
+      context 'when cors headers are disabled' do
+        before do
+          Qa.config.disable_cors_headers
+          stub_request(:get, 'http://id.worldcat.org/fast/530369')
+            .to_return(status: 200, body: webmock_fixture('lod_oclc_term_found.rdf.xml'), headers: { 'Content-Type' => 'application/rdf+xml' })
+        end
+        it 'Access-Control-Allow-Origin is not present' do
+          get :show, params: { id: '530369', vocab: 'OCLC_FAST' }
+          expect(response.headers.key?('Access-Control-Allow-Origin')).to be false
         end
       end
     end
@@ -275,7 +326,7 @@ describe Qa::LinkedDataTermsController, type: :controller do
         end
         it 'succeeds' do
           get :show, params: { id: 'c_9513', vocab: 'AGROVOC' }
-          expect(response).to be_success
+          expect(response).to be_successful
         end
       end
     end
@@ -288,7 +339,7 @@ describe Qa::LinkedDataTermsController, type: :controller do
         end
         it 'succeeds' do
           get :show, params: { id: 'sh85118553', vocab: 'LOC', subauthority: 'subjects' }
-          expect(response).to be_success
+          expect(response).to be_successful
         end
       end
     end

data/spec/controllers/terms_controller_spec.rb

@@ -29,7 +29,16 @@ describe Qa::TermsController, type: :controller do
     end
     context "when a sub-authority does not exist" do
       it "returns 404 if a sub-authority does not exist" do
-        expect(Rails.logger).to receive(:warn).with("Unable to initialize sub-authority non-existent-subauthority for Qa::Authorities::Loc. Valid sub-authorities are [\"subjects\", \"names\", \"classification\", \"childrensSubjects\", \"genreForms\", \"performanceMediums\", \"graphicMaterials\", \"organizations\", \"relators\", \"countries\", \"ethnographicTerms\", \"geographicAreas\", \"languages\", \"iso639-1\", \"iso639-2\", \"iso639-5\", \"preservation\", \"actionsGranted\", \"agentType\", \"edtf\", \"contentLocationType\", \"copyrightStatus\", \"cryptographicHashFunctions\", \"environmentCharacteristic\", \"environmentPurpose\", \"eventRelatedAgentRole\", \"eventRelatedObjectRole\", \"eventType\", \"formatRegistryRole\", \"hardwareType\", \"inhibitorTarget\", \"inhibitorType\", \"objectCategory\", \"preservationLevelRole\", \"relationshipSubType\", \"relationshipType\", \"rightsBasis\", \"rightsRelatedAgentRole\", \"signatureEncoding\", \"signatureMethod\", \"softwareType\", \"storageMedium\"]")
+        msg = "Unable to initialize sub-authority non-existent-subauthority for Qa::Authorities::Loc. Valid sub-authorities are " \
+              "[\"subjects\", \"names\", \"classification\", \"childrensSubjects\", \"genreForms\", \"performanceMediums\", " \
+              "\"graphicMaterials\", \"organizations\", \"relators\", \"countries\", \"ethnographicTerms\", \"geographicAreas\", " \
+              "\"languages\", \"iso639-1\", \"iso639-2\", \"iso639-5\", \"preservation\", \"actionsGranted\", \"agentType\", " \
+              "\"edtf\", \"contentLocationType\", \"copyrightStatus\", \"cryptographicHashFunctions\", " \
+              "\"environmentCharacteristic\", \"environmentPurpose\", \"eventRelatedAgentRole\", \"eventRelatedObjectRole\", " \
+              "\"eventType\", \"formatRegistryRole\", \"hardwareType\", \"inhibitorTarget\", \"inhibitorType\", \"objectCategory\", " \
+              "\"preservationLevelRole\", \"relationshipSubType\", \"relationshipType\", \"rightsBasis\", \"rightsRelatedAgentRole\", " \
+              "\"signatureEncoding\", \"signatureMethod\", \"softwareType\", \"storageMedium\"]"
+        expect(Rails.logger).to receive(:warn).with(msg)
         get :search, params: { q: "a query", vocab: "loc", subauthority: "non-existent-subauthority" }
         expect(response.code).to eq("404")
       end
@@ -63,7 +72,7 @@ describe Qa::TermsController, type: :controller do
       end
       it "succeeds" do
         get :search, params: { q: "a query", vocab: "local", subauthority: "two_args" }
-        expect(response).to be_success
+        expect(response).to be_successful
       end
     end
 
@@ -76,12 +85,38 @@ describe Qa::TermsController, type: :controller do
 
       it "returns a set of terms for a tgnlang query" do
         get :search, params: { q: "Tibetan", vocab: "tgnlang" }
-        expect(response).to be_success
+        expect(response).to be_successful
       end
 
       it "does not return 404 if subauthority is valid" do
         get :search, params: { q: "Berry", vocab: "loc", subauthority: "names" }
-        expect(response).to be_success
+        expect(response).to be_successful
+      end
+
+      context 'when cors headers are enabled' do
+        before do
+          Qa.config.enable_cors_headers
+          stub_request(:get, "http://id.loc.gov/search/?format=json&q=Berry&q=cs:http://id.loc.gov/authorities/names")
+            .with(headers: { 'Accept' => 'application/json' })
+            .to_return(body: webmock_fixture("loc-names-response.txt"), status: 200)
+        end
+        it 'Access-Control-Allow-Origin is *' do
+          get :search, params: { q: "Tibetan", vocab: "tgnlang" }
+          expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
+        end
+      end
+
+      context 'when cors headers are disabled' do
+        before do
+          Qa.config.disable_cors_headers
+          stub_request(:get, "http://id.loc.gov/search/?format=json&q=Berry&q=cs:http://id.loc.gov/authorities/names")
+            .with(headers: { 'Accept' => 'application/json' })
+            .to_return(body: webmock_fixture("loc-names-response.txt"), status: 200)
+        end
+        it 'Access-Control-Allow-Origin is not present' do
+          get :search, params: { q: "Tibetan", vocab: "tgnlang" }
+          expect(response.headers.key?('Access-Control-Allow-Origin')).to be false
+        end
       end
     end
 
@@ -93,7 +128,7 @@ describe Qa::TermsController, type: :controller do
       end
       it "succeeds if authority class is camelcase" do
         get :search, params: { q: "word", vocab: "assign_fast", subauthority: "topical" }
-        expect(response).to be_success
+        expect(response).to be_successful
       end
     end
   end
@@ -102,11 +137,31 @@ describe Qa::TermsController, type: :controller do
     context "with supported authorities" do
       it "returns all local authority state terms" do
         get :index, params: { vocab: "local", subauthority: "states" }
-        expect(response).to be_success
+        expect(response).to be_successful
       end
       it "returns all MeSH terms" do
         get :index, params: { vocab: "mesh" }
-        expect(response).to be_success
+        expect(response).to be_successful
+      end
+
+      context 'when cors headers are enabled' do
+        before do
+          Qa.config.enable_cors_headers
+        end
+        it 'Access-Control-Allow-Origin is *' do
+          get :index, params: { vocab: "local", subauthority: "states" }
+          expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
+        end
+      end
+
+      context 'when cors headers are disabled' do
+        before do
+          Qa.config.disable_cors_headers
+        end
+        it 'Access-Control-Allow-Origin is not present' do
+          get :index, params: { vocab: "local", subauthority: "states" }
+          expect(response.headers.key?('Access-Control-Allow-Origin')).to be false
+        end
       end
     end
 
@@ -136,17 +191,37 @@ describe Qa::TermsController, type: :controller do
 
       it "returns an individual state term" do
         get :show, params: { vocab: "local", subauthority: "states", id: "OH" }
-        expect(response).to be_success
+        expect(response).to be_successful
       end
 
       it "returns an individual MeSH term" do
         get :show, params: { vocab: "mesh", id: "D000001" }
-        expect(response).to be_success
+        expect(response).to be_successful
       end
 
       it "returns an individual subject term" do
         get :show, params: { vocab: "loc", subauthority: "subjects", id: "sh85077565" }
-        expect(response).to be_success
+        expect(response).to be_successful
+      end
+
+      context 'when cors headers are enabled' do
+        before do
+          Qa.config.enable_cors_headers
+        end
+        it 'Access-Control-Allow-Origin is *' do
+          get :show, params: { vocab: "mesh", id: "D000001" }
+          expect(response.headers['Access-Control-Allow-Origin']).to eq '*'
+        end
+      end
+
+      context 'when cors headers are disabled' do
+        before do
+          Qa.config.disable_cors_headers
+        end
+        it 'Access-Control-Allow-Origin is not present' do
+          get :show, params: { vocab: "mesh", id: "D000001" }
+          expect(response.headers.key?('Access-Control-Allow-Origin')).to be false
+        end
       end
     end
   end