author | wycats <wycats@gmail.com> | 2010-03-26 15:10:24 -0700 |
---|---|---|
committer | wycats <wycats@gmail.com> | 2010-03-26 15:10:24 -0700 |
commit | 197904341f2b2f21d69c653cede3aec124e86720 (patch) | |
tree | 83f1234e238016126860a929594db22e1862d783 /railties/test/application/configuration_test.rb | |
parent | 76d2c455c0607b4cd5f238cadef8f933a18567fb (diff) | |
parent | b3a0aed028835ce4551c4a76742744a40a71b0be (diff) | |
download | rails-197904341f2b2f21d69c653cede3aec124e86720.tar.gz rails-197904341f2b2f21d69c653cede3aec124e86720.tar.bz2 rails-197904341f2b2f21d69c653cede3aec124e86720.zip |
Merge branch 'master' into docrails
Diffstat (limited to 'railties/test/application/configuration_test.rb')
-rw-r--r-- | railties/test/application/configuration_test.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb
index 54cd751f4e..1b6c657d6d 100644
--- a/railties/test/application/configuration_test.rb
+++ b/railties/test/application/configuration_test.rb
@@ -228,5 +228,32 @@ module ApplicationTests
 get "/"
 assert_equal File.expand_path(__FILE__), last_response.headers["X-Lighttpd-Send-File"]
 end
+
+ test "protect from forgery is the default in a new app" do
+ require "rails"
+ require "action_controller/railtie"
+
+ class MyApp < Rails::Application
+ config.session_store :disabled
+
+ routes.draw do
+ match "/" => "omg#index"
+ end
+
+ class ::OmgController < ActionController::Base
+ protect_from_forgery
+
+ def index
+ render :inline => "<%= csrf_meta_tag %>"
+ end
+ end
+ end
+
+ require 'rack/test'
+ extend Rack::Test::Methods
+
+ get "/"
+ assert last_response.body =~ /csrf\-param/
+ end
 end
 end |
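Review bot: The new test's name claims forgery protection is the default, but `OmgController` calls `protect_from_forgery` itself and the only assertion is `assert last_response.body =~ /csrf\-param/`, so what is verified is that `csrf_meta_tag` renders the parameter name, not that an unverified request is refused. I would at least check the token tag too with `assert_match(/csrf-token/, last_response.body)`, and add a negative case in which a `post "/"` without a token is not served by `index`; how that rejection surfaces, and whether it works with `config.session_store :disabled`, is not visible here and needs confirming. If the intent is to cover the framework default, a short comment above the test naming the setting being exercised would help, e.g. `# forgery protection must be active without any app-level configuration`. `class ::OmgController` also defines a top-level constant that outlives this test, which presumably can collide with other tests in the enclosing class that starts outside the hunk.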