aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller/request_forgery_protection_test.rb
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/test/controller/request_forgery_protection_test.rb')
-rw-r--r--actionpack/test/controller/request_forgery_protection_test.rb11
1 files changed, 6 insertions, 5 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 835e73e3ab..83925ed4db 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -151,14 +151,10 @@ module RequestForgeryProtectionTests
delete :index, :format => 'xml'
end
end
-
+
def test_should_allow_xhr_post_without_token
assert_nothing_raised { xhr :post, :index }
end
- def test_should_not_allow_xhr_post_with_html_without_token
- @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
- assert_raise(ActionController::InvalidAuthenticityToken) { xhr :post, :index }
- end
def test_should_allow_xhr_put_without_token
assert_nothing_raised { xhr :put, :index }
@@ -168,6 +164,11 @@ module RequestForgeryProtectionTests
assert_nothing_raised { xhr :delete, :index }
end
+ def test_should_allow_xhr_post_with_encoded_form_content_type_without_token
+ @request.env['CONTENT_TYPE'] = Mime::URL_ENCODED_FORM.to_s
+ assert_nothing_raised { xhr :post, :index }
+ end
+
def test_should_allow_post_with_token
post :index, :authenticity_token => @token
assert_response :success
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-30 14:13:36 +0000