diff options
author | Sergey Nartimov <just.lest@gmail.com> | 2012-03-09 19:33:06 +0300 |
---|---|---|
committer | Sergey Nartimov <just.lest@gmail.com> | 2012-03-09 19:33:06 +0300 |
commit | 245941101b1ea00a9b1af613c20b0ee994a43946 (patch) | |
tree | a00431449c3dd935677a3fcb8728aa0dfb4b3cba /actionpack/test | |
parent | 7638004d7d23df668ec33a3c570b7865e0d06a06 (diff) | |
download | rails-245941101b1ea00a9b1af613c20b0ee994a43946.tar.gz rails-245941101b1ea00a9b1af613c20b0ee994a43946.tar.bz2 rails-245941101b1ea00a9b1af613c20b0ee994a43946.zip |
configure how unverified request will be handled
can be configured using `:with` option in `protect_from_forgery` method
or `request_forgery_protection_method` config option
possible values:
- :reset_session (default)
- :exception
new applications are generated with:
protect_from_forgery :with => :exception
Diffstat (limited to 'actionpack/test')
-rw-r--r-- | actionpack/test/controller/request_forgery_protection_test.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb index 64ed7f667f..ef795dad89 100644 --- a/actionpack/test/controller/request_forgery_protection_test.rb +++ b/actionpack/test/controller/request_forgery_protection_test.rb @@ -43,7 +43,7 @@ class RequestForgeryProtectionController < ActionController::Base protect_from_forgery :only => %w(index meta) end -class RequestForgeryProtectionControllerUsingOldBehaviour < ActionController::Base +class RequestForgeryProtectionControllerUsingException < ActionController::Base include RequestForgeryProtectionActions protect_from_forgery :only => %w(index meta) @@ -215,7 +215,7 @@ class RequestForgeryProtectionControllerTest < ActionController::TestCase end end -class RequestForgeryProtectionControllerUsingOldBehaviourTest < ActionController::TestCase +class RequestForgeryProtectionControllerUsingExceptionTest < ActionController::TestCase include RequestForgeryProtectionTests def assert_blocked assert_raises(ActionController::InvalidAuthenticityToken) do |