From 5106ce88e44286b88e5c2e2c261deb7e28392994 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Ku=C5=BAma?= <kuba@synergypeople.net>
Date: Mon, 27 Dec 2010 23:31:14 +0100
Subject: authenticity_token option for form_tag [#2988 state:resolved]

---
 .../test/controller/request_forgery_protection_test.rb | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'actionpack/test/controller')

diff --git a/actionpack/test/controller/request_forgery_protection_test.rb b/actionpack/test/controller/request_forgery_protection_test.rb
index 2c9aa6187b..405af2a650 100644
--- a/actionpack/test/controller/request_forgery_protection_test.rb
+++ b/actionpack/test/controller/request_forgery_protection_test.rb
@@ -12,6 +12,14 @@ module RequestForgeryProtectionActions
     render :inline => "<%= button_to('New', '/') {} %>"
   end
 
+  def external_form
+    render :inline => "<%= form_tag('http://farfar.away/form', :authenticity_token => 'external_token') {} %>"
+  end
+
+  def external_form_without_protection
+    render :inline => "<%= form_tag('http://farfar.away/form', :authenticity_token => false) {} %>"
+  end
+
   def unsafe
     render :text => 'pwn'
   end
@@ -65,6 +73,16 @@ module RequestForgeryProtectionTests
     assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token
   end
 
+  def test_should_render_external_form_with_external_token
+    get :external_form
+    assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', 'external_token'
+  end
+
+  def test_should_render_external_form_without_token
+    get :external_form_without_protection
+    assert_select 'form>div>input[name=?][value=?]', 'authenticity_token', @token, false
+  end
+
   def test_should_allow_get
     get :index
     assert_response :success
-- 
cgit v1.2.3