diff options
| author | Ross Kaffenburger and Bryan Helmkamp <developers@weplay.com> | 2009-03-04 16:05:15 -0500 |
|---|---|---|
| committer | Carl Lerche & Yehuda Katz <wycats@gmail.com> | 2009-04-15 16:04:21 -0700 |
| commit | 256b0ee8e3c1610967dfc89f864e24b98ed3c236 (patch) | |
| tree | 057ef8c74d5aeaf964dd7a1743359a758c1bbf7a /actionpack/test | |
| parent | 3c1187699a80e0c4a003f5693389595cd644390f (diff) | |
| download | rails-256b0ee8e3c1610967dfc89f864e24b98ed3c236.tar.gz rails-256b0ee8e3c1610967dfc89f864e24b98ed3c236.tar.bz2 rails-256b0ee8e3c1610967dfc89f864e24b98ed3c236.zip | |
Don't check authenticity tokens for any AJAX requests
Diffstat (limited to 'actionpack/test')
| -rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 835e73e3ab..83925ed4db 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -151,14 +151,10 @@ module RequestForgeryProtectionTests delete :index, :format => 'xml' end end - + def test_should_allow_xhr_post_without_token assert_nothing_raised { xhr :post, :index } end - def test_should_not_allow_xhr_post_with_html_without_token - @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s - assert_raise(ActionController::InvalidAuthenticityToken) { xhr :post, :index } - end def test_should_allow_xhr_put_without_token assert_nothing_raised { xhr :put, :index } @@ -168,6 +164,11 @@ module RequestForgeryProtectionTests assert_nothing_raised { xhr :delete, :index } end + def test_should_allow_xhr_post_with_encoded_form_content_type_without_token + @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s + assert_nothing_raised { xhr :post, :index } + end + def test_should_allow_post_with_token post :index, :authenticity_token => @token assert_response :success |