Include application/javascript when checking content_type

author: Gabriel Jaldon <gjaldon85@gmail.com> 2014-12-10 23:21:01 +0800
committer: Greg Molnar <molnargerg@gmail.com> 2018-05-27 16:17:53 +0200
commit: d3a2c53955f28e0f3dfe0403ef691b903496e957 (patch)
tree: f87e894796b322fe05b25ef831ad7cec5c359105 /actionpack/test/controller/request_forgery_protection_test.rb
parent: 17bf62033edd4f0934c9f4a9e0c7a5f0f765975b (diff)
download: rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.tar.gz
rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.tar.bz2
rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 7a02c27c99..ea94a3e048 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -521,6 +521,11 @@ module RequestForgeryProtectionTests
       get :negotiate_same_origin
     end
 
+    assert_cross_origin_blocked do
+      @request.accept = "application/javascript"
+      get :negotiate_same_origin
+    end
+
     assert_cross_origin_not_blocked { get :same_origin_js, xhr: true }
     assert_cross_origin_not_blocked { get :same_origin_js, xhr: true, format: "js" }
     assert_cross_origin_not_blocked do
author	Gabriel Jaldon <gjaldon85@gmail.com>	2014-12-10 23:21:01 +0800
committer	Greg Molnar <molnargerg@gmail.com>	2018-05-27 16:17:53 +0200
commit	d3a2c53955f28e0f3dfe0403ef691b903496e957 (patch)
tree	f87e894796b322fe05b25ef831ad7cec5c359105 /actionpack/test/controller/request_forgery_protection_test.rb
parent	17bf62033edd4f0934c9f4a9e0c7a5f0f765975b (diff)
download	rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.tar.gz rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.tar.bz2 rails-d3a2c53955f28e0f3dfe0403ef691b903496e957.zip