diff options
author | Jeremy Kemper <jeremy@bitsweat.net> | 2010-02-04 14:15:16 -0800 |
---|---|---|
committer | Jeremy Kemper <jeremy@bitsweat.net> | 2010-02-04 14:58:32 -0800 |
commit | 78de17cf7095af8e86d192af8d8fbe21e6f193d9 (patch) | |
tree | e8fe545aea289d059f9eac3d0bf335586a149576 /actionpack/test/controller/request_forgery_protection_test.rb | |
parent | 127e53453dc52e07aff877212e204084f7321529 (diff) | |
download | rails-78de17cf7095af8e86d192af8d8fbe21e6f193d9.tar.gz rails-78de17cf7095af8e86d192af8d8fbe21e6f193d9.tar.bz2 rails-78de17cf7095af8e86d192af8d8fbe21e6f193d9.zip |
Expose CSRF tag for UJS adapters
Diffstat (limited to 'actionpack/test/controller/request_forgery_protection_test.rb')
-rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index b2a0e2e2a3..55c21bc84a 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -15,13 +15,17 @@ module RequestForgeryProtectionActions render :text => 'pwn' end + def meta + render :inline => "<%= csrf_meta_tag %>" + end + def rescue_action(e) raise e end end # sample controllers class RequestForgeryProtectionController < ActionController::Base include RequestForgeryProtectionActions - protect_from_forgery :only => :index + protect_from_forgery :only => %w(index meta) end class FreeCookieController < RequestForgeryProtectionController @@ -211,6 +215,11 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase ActiveSupport::SecureRandom.stubs(:base64).returns(@token) ActionController::Base.request_forgery_protection_token = :authenticity_token end + + test 'should emit a csrf-token meta tag' do + get :meta + assert_equal %(<meta name="csrf-token" content="#{@token}"/>), @response.body + end end class FreeCookieControllerTest < ActionController::TestCase @@ -238,6 +247,11 @@ class FreeCookieControllerTest < ActionController::TestCase assert_nothing_raised { send(method, :index)} end end + + test 'should not emit a csrf-token meta tag' do + get :meta + assert @response.body.blank? + end end class CustomAuthenticityParamControllerTest < ActionController::TestCase |