Don't check authenticity tokens for any AJAX requests

1 files changed, 6 insertions, 5 deletions

diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 835e73e3ab..83925ed4db 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -151,14 +151,10 @@ module RequestForgeryProtectionTests
       delete :index, :format => 'xml'
     end
   end
-
+  
   def test_should_allow_xhr_post_without_token
     assert_nothing_raised { xhr :post, :index }
   end
-  def test_should_not_allow_xhr_post_with_html_without_token
-    @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
-    assert_raise(ActionController::InvalidAuthenticityToken) { xhr :post, :index }
-  end
   
   def test_should_allow_xhr_put_without_token
     assert_nothing_raised { xhr :put, :index }
@@ -168,6 +164,11 @@ module RequestForgeryProtectionTests
     assert_nothing_raised { xhr :delete, :index }
   end
   
+  def test_should_allow_xhr_post_with_encoded_form_content_type_without_token
+    @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
+    assert_nothing_raised { xhr :post, :index }
+  end
+  
   def test_should_allow_post_with_token
     post :index, :authenticity_token => @token
     assert_response :success