correct spec

spec/components/hijack_spec.rb

@@ -108,7 +108,8 @@ describe Hijack do
     expected = {
       "Access-Control-Allow-Origin" => "www.rainbows.com",
       "Access-Control-Allow-Headers" => "Content-Type, X-Requested-With, X-CSRF-Token, Discourse-Visible, User-Api-Key, User-Api-Client-Id",
-      "Access-Control-Allow-Credentials" => "true"
+      "Access-Control-Allow-Credentials" => "true",
+      "Access-Control-Allow-Methods" => "POST, PUT, GET, OPTIONS, DELETE"
     }
 
     expect(headers).to eq(expected)