diff options
author | Timothy N. Tsvetkov <timothy.tsvetkov@gmail.com> | 2011-02-05 18:37:53 +0300 |
---|---|---|
committer | Santiago Pastorino <santiago@wyeworks.com> | 2011-02-05 18:58:32 -0200 |
commit | b9309b47cda12db34ac3427fbafff2dca0314ed7 (patch) | |
tree | 3a45755fa1f3430c9ea4152e7f58cba8e8df70b6 /actionpack/test | |
parent | 5af31f37fb28e2e78b96d1ccf624871c883cc622 (diff) | |
download | rails-b9309b47cda12db34ac3427fbafff2dca0314ed7.tar.gz rails-b9309b47cda12db34ac3427fbafff2dca0314ed7.tar.bz2 rails-b9309b47cda12db34ac3427fbafff2dca0314ed7.zip |
Added tests for form_for and an authenticity_token option. Added docs for for_for and authenticity_token option. Added section to form helpers guide about forms for external resources and new authenticity_token option for form_tag and form_for helpers.
[#6228 state:committed]
Signed-off-by: Santiago Pastorino <santiago@wyeworks.com>
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 405af2a650..4f4de0cbee 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -28,6 +28,14 @@ module RequestForgeryProtectionActions render :inline => "<%= csrf_meta_tags %>" end + def external_form_for + render :inline => "<%= form_for(:some_resource, :html => { :authenticity_token => 'external_token' }) {} %>" + end + + def form_for_without_protection + render :inline => "<%= form_for(:some_resource, :html => { :authenticity_token => false }) {} %>" + end + def rescue_action(e) raise e end end @@ -68,6 +76,16 @@ module RequestForgeryProtectionTests assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token end + def test_should_render_external_form_for_with_external_token + get :external_form_for + assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', 'external_token' + end + + def test_should_render_form_for_without_token_tag + get :form_for_without_protection + assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token, false + end + def test_should_render_button_to_with_token_tag get :show_button assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token |