diff options
author | Carlhuda <carlhuda@engineyard.com> | 2010-03-19 11:09:41 -0700 |
---|---|---|
committer | Carlhuda <carlhuda@engineyard.com> | 2010-03-19 11:11:02 -0700 |
commit | 7f53dca1a13e21ec4400a765f637b73c0f194979 (patch) | |
tree | a05523cc5568badb44340452e669b8f74cb5416f /railties/test/application/configuration_test.rb | |
parent | 562154fcbc8f36f94c986a3253c73ae88e2c1146 (diff) | |
download | rails-7f53dca1a13e21ec4400a765f637b73c0f194979.tar.gz rails-7f53dca1a13e21ec4400a765f637b73c0f194979.tar.bz2 rails-7f53dca1a13e21ec4400a765f637b73c0f194979.zip |
Fix protect_against_forgery
Diffstat (limited to 'railties/test/application/configuration_test.rb')
-rw-r--r-- | railties/test/application/configuration_test.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/railties/test/application/configuration_test.rb b/railties/test/application/configuration_test.rb index 54cd751f4e..1b6c657d6d 100644 --- a/railties/test/application/configuration_test.rb +++ b/railties/test/application/configuration_test.rb @@ -228,5 +228,32 @@ module ApplicationTests get "/" assert_equal File.expand_path(__FILE__), last_response.headers["X-Lighttpd-Send-File"] end + + test "protect from forgery is the default in a new app" do + require "rails" + require "action_controller/railtie" + + class MyApp < Rails::Application + config.session_store :disabled + + routes.draw do + match "/" => "omg#index" + end + + class ::OmgController < ActionController::Base + protect_from_forgery + + def index + render :inline => "<%= csrf_meta_tag %>" + end + end + end + + require 'rack/test' + extend Rack::Test::Methods + + get "/" + assert last_response.body =~ /csrf\-param/ + end end end |