author | Sergey Nartimov <just.lest@gmail.com> | 2012-09-13 12:07:37 +0300 |
---|---|---|
committer | Sergey Nartimov <just.lest@gmail.com> | 2012-09-13 12:07:37 +0300 |
commit | 95be790ece75710f2588558a6d5f40fd09543b97 (patch) | |
tree | 5dbcfe62d1337ed87c2afdc95f025aee22587a17 /actionpack/test/controller | |
parent | 616ba15f2cb89588ae3b0a55452f4059f2c118b1 (diff) | |
Implement :null_session CSRF protection method
It's further work on CSRF after 245941101b1ea00a9b1af613c20b0ee994a43946.
The :null_session CSRF protection method provides an empty session during
request processing but doesn't reset it completely (as :reset_session
does).
Diffstat (limited to 'actionpack/test/controller')
-rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 16 |
1 files changed, 6 insertions, 10 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 0289f4070b..1f637eb791 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -56,22 +56,18 @@ module RequestForgeryProtectionActions end # sample controllers -class RequestForgeryProtectionController < ActionController::Base +class RequestForgeryProtectionControllerUsingResetSession < ActionController::Base include RequestForgeryProtectionActions - protect_from_forgery :only => %w(index meta) + protect_from_forgery :only => %w(index meta), :with => :reset_session end class RequestForgeryProtectionControllerUsingException < ActionController::Base include RequestForgeryProtectionActions - protect_from_forgery :only => %w(index meta) - - def handle_unverified_request - raise(ActionController::InvalidAuthenticityToken) - end + protect_from_forgery :only => %w(index meta), :with => :exception end -class FreeCookieController < RequestForgeryProtectionController +class FreeCookieController < RequestForgeryProtectionControllerUsingResetSession self.allow_forgery_protection = false def index @@ -83,7 +79,7 @@ class FreeCookieController < RequestForgeryProtectionController end end -class CustomAuthenticityParamController < RequestForgeryProtectionController +class CustomAuthenticityParamController < RequestForgeryProtectionControllerUsingResetSession def form_authenticity_param 'foobar' end @@ -268,7 +264,7 @@ end # OK let's get our test on -class RequestForgeryProtectionControllerTest < ActionController::TestCase +class RequestForgeryProtectionControllerUsingResetSessionTest < ActionController::TestCase include RequestForgeryProtectionTests setup do |
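Review bot: In the first hunk (@@ -56,22 +56,18 @@) the sample controllers cover only `:with => :reset_session` and `:with => :exception`, so nothing in this file exercises the `:null_session` method the commit message introduces. The earlier `protect_from_forgery :only => %w(index meta)` call without `:with` is also gone, which means these controllers no longer pin whatever the default strategy is. Consider adding a controller declared with `protect_from_forgery :only => %w(index meta), :with => :null_session` and a test class that includes RequestForgeryProtectionTests and asserts that an unverified request sees an empty session while the stored session is not reset, and keeping one controller without `:with` so a change of default is caught.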
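Review bot: In the second hunk (@@ -83,7 +79,7 @@) CustomAuthenticityParamController, like FreeCookieController at the end of the first hunk, now inherits from RequestForgeryProtectionControllerUsingResetSession, which couples tests about the token parameter name and about `allow_forgery_protection = false` to one specific handling strategy. If that choice is incidental, a short comment above each class saying so would help, or the two classes could derive from ActionController::Base, include RequestForgeryProtectionActions and declare their own `protect_from_forgery` line, so that a later change to the reset-session controller does not silently alter what these tests cover.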