aboutsummaryrefslogtreecommitdiffstats
path: root/actionpack/test/controller
diff options
context:
space:
mode:
Diffstat (limited to 'actionpack/test/controller')
-rw-r--r--actionpack/test/controller/request_forgery_protection_test.rb29
1 files changed, 25 insertions, 4 deletions
diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index d0c3c6e224..295075fed4 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -93,19 +93,37 @@ module RequestForgeryProtectionTests
post :unsafe
assert_response :success
end
-
+
def test_should_not_allow_post_without_token
assert_raises(ActionController::InvalidAuthenticityToken) { post :index }
end
-
+
def test_should_not_allow_put_without_token
assert_raises(ActionController::InvalidAuthenticityToken) { put :index }
end
-
+
def test_should_not_allow_delete_without_token
assert_raises(ActionController::InvalidAuthenticityToken) { delete :index }
end
-
+
+ def test_should_not_allow_api_formatted_post_without_token
+ assert_raises(ActionController::InvalidAuthenticityToken) do
+ post :index, :format => 'xml'
+ end
+ end
+
+ def test_should_not_allow_put_without_token
+ assert_raises(ActionController::InvalidAuthenticityToken) do
+ put :index, :format => 'xml'
+ end
+ end
+
+ def test_should_not_allow_delete_without_token
+ assert_raises(ActionController::InvalidAuthenticityToken) do
+ delete :index, :format => 'xml'
+ end
+ end
+
def test_should_not_allow_xhr_post_without_token
assert_raises(ActionController::InvalidAuthenticityToken) { xhr :post, :index }
end
@@ -134,16 +152,19 @@ module RequestForgeryProtectionTests
end
def test_should_allow_post_with_xml
+ @request.env['CONTENT_TYPE'] = Mime::XML.to_s
post :index, :format => 'xml'
assert_response :success
end
def test_should_allow_put_with_xml
+ @request.env['CONTENT_TYPE'] = Mime::XML.to_s
put :index, :format => 'xml'
assert_response :success
end
def test_should_allow_delete_with_xml
+ @request.env['CONTENT_TYPE'] = Mime::XML.to_s
delete :index, :format => 'xml'
assert_response :success
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-23 05:38:08 +0000