path: root/actionpack/test/controller/request_forgery_protection_test.rb
author eileencodes <eileencodes@gmail.com> 2015-12-07 09:46:56 -0500
committer eileencodes <eileencodes@gmail.com> 2015-12-07 10:38:26 -0500
commit 39794037817703575c35a75f1961b01b83791191 (patch)
tree 7ff1289b9660d0342b3fb748391d6e61c2b61a44 /actionpack/test/controller/request_forgery_protection_test.rb
parent ba1bfa7a542e6c81729c8e0039d3866f549ff109 (diff)
Change the `protect_from_forgery` prepend default to `false`
Per this comment https://github.com/rails/rails/pull/18334#issuecomment-69234050 we want `protect_from_forgery` to default to `prepend: false`.

`protect_from_forgery` will now be inserted into the callback chain at the point it is called in your application. This is useful for cases where you want to `protect_from_forgery` after you perform required authentication callbacks or other callbacks that are required to run after forgery protection.

If you want `protect_from_forgery` callbacks to always run first, regardless of position they are called in your application, then you can add `prepend: true` to your `protect_from_forgery` call.

Example:

```ruby
protect_from_forgery prepend: true
```
Diffstat (limited to 'actionpack/test/controller/request_forgery_protection_test.rb')
-rw-r--r-- actionpack/test/controller/request_forgery_protection_test.rb 4
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 2a3704c300..87a8ed3dc9 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -540,10 +540,10 @@ class PrependProtectForgeryBaseControllerTest < ActionController::TestCase
assert_equal(expected_callback_order, @controller.called_callbacks)
end
- def test_verify_authenticity_token_is_prepended_by_default
+ def test_verify_authenticity_token_is_not_prepended_by_default
@controller = PrependDefaultController.new
get :index
- expected_callback_order = ["verify_authenticity_token", "custom_action"]
+ expected_callback_order = ["custom_action", "verify_authenticity_token"]
assert_equal(expected_callback_order, @controller.called_callbacks)
end
end
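Review bot: The flipped expectation in `test_verify_authenticity_token_is_not_prepended_by_default` only holds for the order in which `PrependDefaultController` declares `custom_action` and `protect_from_forgery`, and that controller is not visible in this hunk, so the assertion cannot be checked from the test alone. A one-line comment above `expected_callback_order` naming the declaration order the test depends on would make it self-explanatory. The new order `["custom_action", "verify_authenticity_token"]` also means a callback declared ahead of `protect_from_forgery` now runs on requests whose authenticity token has not yet been verified; that consequence deserves an explicit mention in the upgrade notes, alongside the `prepend: true` opt-in from the commit message, so applications that relied on the token check running first can restore it.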